[RADIATOR] AuthBy SQLTOTP with encrypted secrets (RcryptKey)

Schnurrenberger Tobias (ID) tobias.schnurrenberger at id.ethz.ch
Tue Sep 12 12:21:38 UTC 2023

Hi there

Is it somehow possible to store the shared secret in the SQL database in Rcrypt encrypted format and tell radiator to decrypt it whit the given key? I could not find such configuration options in the docs.
Could it be done e.g. with a hook?

We are using radiator version 4.27-1 with this config snippet:

Identifier SQLauthorizeTOTP

DBSource %{GlobalVar:DB-Source}
DBUsername %{GlobalVar:DB-Username}
DBAuth %{GlobalVar:DB-Auth}
Timeout 1
SQLRetries 3
FailureBackoffTime 180

AuthSelect SELECT base32_decode_to_hex(secret), active, pin, digits, bad_logins, accessed, last_timestep, algorithm, timestep, timestep_origin from RADIUS_TOTP_KEYS WHERE username=?
AuthSelectParam %{X-MY-USER}

UpdateQuery UPDATE RADIUS_TOTP_KEYS SET accessed=now(), bad_logins=?, last_timestep=? WHERE username=?
UpdateQueryParam %0
UpdateQueryParam %2
UpdateQueryParam %{X-MY-USER}


Best regards,

ETH Zürich
Tobias Schnurrenberger
ITS Network Applications
OCT G 19
Binzmühlestrasse 130
8092 Zürich

Telefon +41 44 632 45 00
tobias.schnurrenberger at id.ethz.ch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4222 bytes
Desc: not available
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20230912/98d9c807/attachment.p7s>

More information about the radiator mailing list