[RADIATOR] Password/certificate security seems next to none on Radiator server

Tuure Vartiainen vartiait at open.com.au
Fri Oct 2 07:11:42 CDT 2015


Hi,

> On 02 Oct 2015, at 14:57, Nadav Hod <nadav.hod at comm-it.co.il> wrote:
> 
> I personally am not a big fan of NPS due to its lack of scalability, authentication support and customizability, but at least credentials were somewhat secure.
> 

If I understood correctly, some form of the protection you want could be implemented
by using variables for secrets in the Radiator config and including the definitions
of the variables through a script.

E.g.:

DbDir /etc/radiator
include %D/conf_secrets.pl|

<Client 1.2.3.4>
  Identifier client1
  Secret %{GlobalVar:client1_secret}
</Client>

<AuthBy FILE>
  EAPTLS_PrivateKeyPassword %{GlobalVar:tls_cert_key_pass}
</AuthBy>


The protection of secrets is then implemented in the conf_secrets.pl script.
When authorized to output, it should print to stdout:

DefineGlobalVar client1_secret mysecret
DefineGlobalVar tls_cert_key_pass whatever


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
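
One way the conf_secrets.pl script described in the message above could decide whether it is authorized to output, as an added example that is not part of the original post or of Radiator. The store path /etc/radiator/secrets.store, its "name value" line format, the function name secret_lines and the choice of root as the allowed account are assumptions.

```perl
#!/usr/bin/perl
# conf_secrets.pl: added example, not Radiator's own code.
# Prints DefineGlobalVar lines for the "include ...|" line only when the
# checks below pass. Store path and "name value" format are assumptions.
use strict;
use warnings;
use Fcntl qw(:mode);

my $store = '/etc/radiator/secrets.store';    # assumed location

# Returns the list of DefineGlobalVar lines, or dies with a reason.
sub secret_lines {
    my ($path, $allowed_uid) = @_;

    # "Authorized to output": only the expected account may run this.
    die sprintf("refusing: effective uid %d is not %d\n", $>, $allowed_uid)
        unless $> == $allowed_uid;

    open(my $fh, '<', $path) or die "cannot open $path: $!\n";

    # Check the opened handle, not the path, to avoid a check/use race.
    my @st = stat($fh) or die "cannot stat $path: $!\n";
    die "refusing: $path is not a regular file\n" unless S_ISREG($st[2]);
    die "refusing: $path is not owned by uid $allowed_uid\n"
        unless $st[4] == $allowed_uid;
    die "refusing: $path is accessible by group or others\n"
        if $st[2] & (S_IRWXG | S_IRWXO);

    my @out;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        # Names are limited to word characters so a stored line cannot
        # introduce a different configuration keyword into the include.
        my ($name, $value) = $line =~ /^(\w+)\s+(\S.*)$/
            or die "refusing: malformed line $. in $path\n";
        push @out, "DefineGlobalVar $name $value";
    }
    close($fh);
    return @out;
}

# Run as a script: print to stdout; on failure print nothing, exit non-zero.
unless (caller) {
    my @lines = eval { secret_lines($store, 0) };    # 0 = root (assumed)
    if ($@) { print STDERR "conf_secrets.pl: $@"; exit 1; }
    print "$_\n" for @lines;
}
```

With this layout the main configuration file holds only %{GlobalVar:...} references, and the file that holds the values can be kept at mode 0600.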