Thanks for the quick reply Heikki,

>From the looks of things, this requires certain Linux primitives (for lack of 
>better term) such as rcrypt. This could just be a misunderstanding. Is there a 
>supported solution for Windows Server deployments? 

From: [] on behalf of 
Heikki Vatiainen []
Sent: Thursday, September 22, 2016 10:01 AM
Subject: Re: [RADIATOR] Radius and TACACS+ password obfuscation

On 21.9.2016 18.13, Nadav Hod wrote:

> I read this in the Radiator 4.17 release notes:
> "Added initial support for encrypting and obfuscating TACACS+ keys in
> the configuration file. This is similar to the recently added RADIUS
> client shared secret obfuscation. Client and ServerTACACASPLUS now
> support EncryptedTACACSPLUSKey and EncryptedKey, respectively. Examples
> in the tacacsplusserver.cfg sample configuration file."
> I haven't seen anything regarding radius shared secret obfuscation in
> the documentation. Can anyone give a short example of this?

See, for example,

What's available now is supported for encrypted secrets using a fixed
key. What will follow is method to specify the encryption key so that it
does not need to be static but can be set, for example, when the process
starts up.

There are some Radiator users that require that this type of information
is not stored in clear text, as we discussed on this list earlier :),
and what we now have in Radiator is the foundation for this.

To summarise: Using a non-cleartext secret or TACACSC+ key is now
possible but managing the encryption keys will be enhanced in the future


Heikki Vatiainen <>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
radiator mailing list
radiator mailing list

Reply via email to