[RADIATOR] AuthBy SQLTOTP with encrypted secrets (RcryptKey)

Schnurrenberger Tobias (ID) tobias.schnurrenberger at id.ethz.ch
Tue Sep 12 12:21:38 UTC 2023


Hi there

Is it somehow possible to store the shared secret in the SQL database in Rcrypt encrypted format and tell Radiator to decrypt it with the given key? I could not find such configuration options in the docs.
Could it be done e.g. with a hook?

We are using Radiator version 4.27-1 with this config snippet:

---
<AuthBy SQLTOTP>
Identifier SQLauthorizeTOTP

DBSource %{GlobalVar:DB-Source}
DBUsername %{GlobalVar:DB-Username}
DBAuth %{GlobalVar:DB-Auth}
Timeout 1
SQLRetries 3
FailureBackoffTime 180

AuthSelect SELECT base32_decode_to_hex(secret), active, pin, digits, bad_logins, accessed, last_timestep, algorithm, timestep, timestep_origin from RADIUS_TOTP_KEYS WHERE username=?
AuthSelectParam %{X-MY-USER}

UpdateQuery UPDATE RADIUS_TOTP_KEYS SET accessed=now(), bad_logins=?, last_timestep=? WHERE username=?
UpdateQueryParam %0
UpdateQueryParam %2
UpdateQueryParam %{X-MY-USER}

NoDefault
NoEAP
</AuthBy>
---

Best regards,
Tobias

-------------------------------------------------------
ETH Zürich
Tobias Schnurrenberger
ITS Network Applications
OCT G 19
Binzmühlestrasse 130
8092 Zürich

Telefon +41 44 632 45 00
tobias.schnurrenberger at id.ethz.ch
-------------------------------------------------------
