Are you able to use environment variables like this?: server = $ENV{DB_HOST} port = $ENV{DB_PORT} login = $ENV{DB_USER} password = $ENV{DB_PASSWORD} radius_db = $ENV{DB_DATABASE} This is how we configure it in our cluster. If you run it directly on the machine, it does not provide any added security, but your requirement would be met. I know it just moves the need to encrypt the data to the OS, but there are probably more ways how to do it. Ludo On 7/23/24 17:21, Alan Smith via Freeradius-Users wrote:
A project I am working on does not allow storage of plain text passwords in the config file. That is why. On Tuesday, 23 July 2024 at 09:39:41 pm SGT, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 23, 2024, at 1:12 AM, Alan Smith via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
How may I encrypt the password used in Connection info in SQL module? Kindly advise. Thanks.
What problem would that solve?
Think about it for a bit. The server has to be able to decrypt that password somehow. So where is the decryption key stored? How can the server get access to it?
These kinds of approaches add complexity, and offer zero additional security.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html