[RADIATOR] Multiple secrets per client definition?

Jacob Rohlff jacob.rohlff at googlemail.com
Mon Apr 19 03:49:26 CDT 2010


Hi.

I’ve searched through the mail archive, but haven’t found anything that
could help me. I’m sorry if this has already been dealt with.

We are running Radiator 4.6 on Red Hat Linux.

Is it possible to have more than one secret per client definition? So if a
device uses either of the secrets it will be able to authenticate
successfully?

For example, if you need to change your client secret for some reason (i.e.
audit found the secret to be too short or not complex enough) and you want a
smooth transition for the devices which are using Radiator to authenticate,
allowing them to use either secret for a while, until all devices use the
new secret, then remove the old secret from the Radiator config.

In this case however, the request might just be for the same client
definition to allow several secrets.

Our client definition looks like this:

<Client DEFAULT>
      Secret <something>
      Identifier Default
</Client>

So every device/client has the same identifier.

Creating several client definitions to separate the IP subnets would be one
way to gradually have the clients use the new secret, however this would
still require the Radiator config to be changed at the same time as the
client’s RADIUS settings are changed (for the devices in the affected IP
subnet).

Is there another practical way to change the secret - without the clients losing
the ability to authenticate until their RADIUS config is changed?

Kind regards.

Jacob Rohlff
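
As background to the question above, an added example (not part of the original post, and not Radiator code or configuration): at the protocol level, a RADIUS server can check which of several candidate secrets protected a request when the Access-Request carries a Message-Authenticator attribute (RFC 2869), an HMAC-MD5 over the packet keyed with the shared secret. The secrets, user name and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869
# Constructed sample secrets for the transition window (assumptions, not from the post).
CANDIDATES = {"old": b"short1", "new": b"constructed-longer-secret-2010"}

def build_access_request(secret, user, ident=1):
    """Build a constructed Access-Request with User-Name and Message-Authenticator."""
    attrs = bytes([1, 2 + len(user)]) + user + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    # The HMAC is computed with the 16-byte attribute value still zeroed.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def find_message_authenticator(packet):
    """Return the offset of the 16-byte Message-Authenticator value, or None."""
    if len(packet) < 20:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return None
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute list
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            return pos + 2
        pos += alen
    return None

def matching_secret(packet, candidates):
    """Return the label of the candidate secret that validates the packet, else None."""
    off = find_message_authenticator(packet)
    if off is None:
        return None  # no Message-Authenticator: this check cannot identify the secret
    length = struct.unpack("!H", packet[2:4])[0]
    received = packet[off:off + 16]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    for label, secret in candidates.items():
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        if hmac.compare_digest(expected, received):  # constant-time comparison
            return label
    return None
```

Logging the returned label per client address during a transition shows which devices still present the old secret before it is withdrawn.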