Hi,
> On 02 Oct 2015, at 14:57, Nadav Hod <[email protected]> wrote:
>
> I personally am not a big fan of NPS due to its lack of scalability,
> authentication support and customizability, but at least credentials were
> somewhat secure.
>
If I understood correctly, the kind of protection you want could be
implemented by using variables for secrets in the Radiator config and
including the definitions of the variables through a script.
E.g.:

    DbDir /etc/radiator
    include %D/conf_secrets.pl|

    <Client 1.2.3.4>
        Identifier client1
        Secret %{GlobalVar:client1_secret}
    </Client>

    <AuthBy FILE>
        EAPTLS_PrivateKeyPassword %{GlobalVar:tls_cert_key_pass}
    </AuthBy>

The protection of secrets is then implemented in the conf_secrets.pl script.
When authorized to output, it should print to stdout:

    DefineGlobalVar client1_secret mysecret
    DefineGlobalVar tls_cert_key_pass whatever

BR
--
Tuure Vartiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
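
One way the conf_secrets.pl script described above could gate its output, as an added example that is not from the original post or from Radiator itself. The store path, the RADIATOR_SECRETS variable, the name=value format and the ownership/mode test used as the "authorized" check are all assumptions of this sketch.

```perl
#!/usr/bin/perl
# conf_secrets.pl - added example, not Radiator's own code.
# Emits DefineGlobalVar lines for "include %D/conf_secrets.pl|".
use strict;
use warnings;
use Fcntl qw(:mode);

# Assumption: secrets live in a name=value file readable only by the
# account that starts the server. Path and format are hypothetical.
my $store = $ENV{RADIATOR_SECRETS} // '/etc/radiator/secrets.store';

# Open first, then stat the handle, so the checks apply to the file we read.
open(my $fh, '<', $store) or die "conf_secrets: cannot open $store: $!\n";
my @st = stat($fh) or die "conf_secrets: cannot stat $store: $!\n";

# "Authorized to output" here means: regular file, owned by the effective
# user (or root), and no group/other permission bits set.
die "conf_secrets: $store is not a regular file\n" unless S_ISREG($st[2]);
die "conf_secrets: $store has unexpected owner uid $st[4]\n"
    unless $st[4] == $> || $st[4] == 0;
die sprintf("conf_secrets: %s mode %04o allows group/other access\n",
            $store, S_IMODE($st[2]))
    if S_IMODE($st[2]) & 0077;

my @out;
while (my $line = <$fh>) {
    chomp $line;
    next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
    # Names: identifier characters only. Values: printable non-space ASCII
    # without '%' (a conservative choice of this example), so an entry
    # cannot carry control characters or Radiator special characters
    # into the included configuration text.
    my ($name, $value) =
        $line =~ /^([A-Za-z_][A-Za-z0-9_]*)=([\x21-\x24\x26-\x7e]+)$/
        or die "conf_secrets: malformed entry at line $.\n";
    push @out, "DefineGlobalVar $name $value\n";
}
close($fh);

# Print only after every entry validated, so a bad store yields no output.
print @out;
```

If any check fails, the script writes its reason to stderr and prints nothing to stdout, so no partial set of DefineGlobalVar lines is ever emitted.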