[RADIATOR] How to get rid of passwords in configuration files
Johannes Demel
demel at zid.tuwien.ac.at
Wed Jul 30 11:02:36 CDT 2014
I would like to hide all passwords and simular items from the radiator configuration file.
To do this, I wrote a startup-hook script, which reads all senstive Items into global variables
from a file (which can by encrypted) which I want to use in the configuration file.
This works fine in some cases, but did not work in other statements:
Where it works:
DBAuth %{GlobalVar:SQLAuth}
GetClientQuery select NASIDENTIFIER, %{Quote:%{GlobalVar:Client_8021x}} ......
where it does not work
ROCommunity %{GlobalVar:SNMP_ro}
Secret %{GlobalVar:Client_localhost}
RcryptKey %{GlobalVar:Secret_rcrypt}
In the case, when it does not work, the complete string (eg %{GlobalVar:Client_localhost})
is used for secret / password.
Is this intentional or a bug.
How can I get rid of all passwords from the configuration file (without a preprocessor
of the configuration file).
Regards, Johannes
----
Johannes Demel demel at zid.tuwien.ac.at Johannes.Demel at tuwien.ac.at
Information Technology Services, Head of Communication Group
Vienna University of Technology, Austria
Wiedner Hauptstrasse 8-10/020, A 1040 Wien, Austria
Tel: +43 (1) 58801-42040 Fax: +43(1) 58801-42099
More information about the radiator
mailing list