MySQL connection over SSL possible?

Anders Holm anders.holm at sysadmin.ie
Wed Jun 11 11:30:52 CEST 2008


Indeed, stunnel is one way to go, another might be SSH tunnels, or as another poster mentioned IPSec tunnels.

Yes, data integrity and security of the data is vital, along the whole path from backend storage to end device, so this is just one piece of that puzzle ...

What I'll do short term is to look at ways to create a secure tunnel, and, time permitting, see if I can manage to create a patch that someone who has better coding skills than me would then need to sanitize.. :)

I can see a few new options coming out from such a patch

   ssl = yes
   <options to point to various SSL certificate files>

I haven't checked, but from memory I'm not even sure it's possible to specify a port number for the database, need to check that too .. Questions, questions, and so little time .. :)

//anders

----- Original Message -----
From: "A L M Buxey" <A.L.M.Buxey at lboro.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Monday, June 9, 2008 6:19:30 PM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: MySQL connection over SSL possible?

Hi,
> No. Driver is sql_mysql.c file in
> src/modules/rlm_sql/drivers/rlm_sql_mysql/ folder of your distribution.
> You will need to edit the source file and recompile to have  freeradius
> mysql client ask for a SSL connection.

hmm, i could see a future with sql.conf containing

ssl = yes

and each SQL driver, if supported, using SSL method to connect.
would probably also need certs etc in the config for this to happen.

for another option, without editing code, use eg stunnel to connect
to the remote SQL server and then tell FreeRADIUS to use the
local end port of the stunnel session.


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
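The stunnel approach suggested in the thread, sketched as an added example (not part of the original messages and not FreeRADIUS's own configuration): a TLS wrapper on each end, since MySQL negotiates its native SSL inside its own protocol and a plain stunnel client cannot talk to mysqld's port directly. Host names, ports and file paths are constructed placeholders, and the option names assume a recent stunnel 5.x.

```ini
; ===== /etc/stunnel/stunnel.conf on the RADIUS host (client side) =====
; FreeRADIUS talks cleartext MySQL to the loopback listener below;
; stunnel carries it to the database host inside TLS.
[mysql-out]
client = yes
; Listen on the default MySQL port so no port setting is needed in sql.conf.
accept = 127.0.0.1:3306
; Placeholder name and port of the stunnel listener on the database host.
connect = db.example.org:3307
; Verify the server: without these two lines the tunnel is encrypted
; but accepts any certificate, so an on-path host can impersonate the DB.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = db.example.org
; Client certificate, so the database side can restrict who connects.
cert = /etc/stunnel/radius-client.pem
key = /etc/stunnel/radius-client.key

; ===== /etc/stunnel/stunnel.conf on the database host (server side) =====
[mysql-in]
accept = 0.0.0.0:3307
; mysqld should listen on loopback only, so the TLS port is the sole way in.
connect = 127.0.0.1:3306
cert = /etc/stunnel/db-server.pem
key = /etc/stunnel/db-server.key
; Require a client certificate issued by the same (placeholder) CA.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
```

In sql.conf, set `server = "127.0.0.1"` rather than `localhost`: the MySQL client library treats `localhost` as a request for the Unix socket and would bypass the tunnel.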