[RADIATOR] Radius and TACACS+ password obfuscation

Heikki Vatiainen hvn at open.com.au
Fri Sep 23 02:38:25 CDT 2016


On 22.9.2016 12.53, Nadav Hod wrote:

> From the looks of things, this requires certain Linux primitives (for
> lack of better term) such as rcrypt. This could just be a
> misunderstanding. Is there a supported solution for Windows Server
> deployments?

The example uses rcrypt which is described in Radiator's reference 
manual, is part of Radiator and is not dependent on the operating system 
Radiator runs on. It was chosen for the example because it's currently 
the simplest way to encrypt a secret.

There is no reason why other encryption algorithms could not be 
supported. Also, the encryption key management is not fixed to a single 
solution, but could utilise, for example, different kinds of vaults in 
addition to, for example, storing the key somewhere in the OS's file 
system. By key I mean the encryption key or what ever is required to 
decrypt the value configured with EncryptedSecret ...

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list