[RADIATOR] Password/certificate security seems next to none on Radiator server

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Oct 1 13:48:15 CDT 2015


Hi,

> Specific hardware for securing files on your server shouldn't be necessary for the use cases I'm suggesting. I've just integrated Radiator for the first time and I was shocked that for each NAS I had to keep the password in plaintext. 

yes... but who can use that password? just the NAS. if you try using that password (shared secret) on another NAS
it won't work as the IP address of the client is different.... oh, unless you've defined your client as 0.0.0.0/0
but that would be stupidity

> Radiator is installed on servers worldwide whether physical or VM, I believe that each of them (regardless of hardware) should be provided with at least the same security as NPS which knows how to accept user passwords in plaintext and then obfuscate them (whether encrypted, hashed or otherwise).  

NPS stores its NAS shared secrets simply too.  user passwords can be stored in many secure ways...even kept in their original
location in the AD and use LSA or ntlm_auth to authenticate the user via AD through RADIATOR

alan

