On 21.9.2016 18.13, Nadav Hod wrote:

> I read this in the Radiator 4.17 release notes:
>
> "Added initial support for encrypting and obfuscating TACACS+ keys in
> the configuration file. This is similar to the recently added RADIUS
> client shared secret obfuscation. Client and ServerTACACASPLUS now
> support EncryptedTACACSPLUSKey and EncryptedKey, respectively. Examples
> in the tacacsplusserver.cfg sample configuration file."
>
> I haven't seen anything regarding radius shared secret obfuscation in
> the documentation. Can anyone give a short example of this?

See, for example,
https://www.open.com.au/radiator/ref/EncryptedSecret_Client.html#EncryptedSecret_Client

What's available now is supported for encrypted secrets using a fixed 
key. What will follow is method to specify the encryption key so that it 
does not need to be static but can be set, for example, when the process 
starts up.

There are some Radiator users that require that this type of information 
is not stored in clear text, as we discussed on this list earlier :), 
and what we now have in Radiator is the foundation for this.

To summarise: Using a non-cleartext secret or TACACSC+ key is now 
possible but managing the encryption keys will be enhanced in the future 
releases.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to