Remote MySQL backend encryption

Eric.Hernandez at allegiantair.com
Mon Apr 26 23:33:24 CEST 2010


I see, that's what I thought. I also confirmed it's all clear text with
tcpdump.

If I were to switch my backend to an LDAP system, would I have encrypted
traffic for user authentication with a FreeRADIUS remote LDAP/backend setup?

Also, is there a nas/radacct table equivalent in the LDAP solution, or is it
strictly for user authentication?


Message: 9
Date: Mon, 26 Apr 2010 15:04:17 -0400
From: John Dennis <jdennis at redhat.com>
Subject: Re: Remote MySQL backend encryption
To: FreeRadius users mailing list
		 <freeradius-users at lists.freeradius.org>
Message-ID: <4BD5E3B1.8060706 at redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 04/26/2010 01:57 PM, Eric.Hernandez at allegiantair.com wrote:
> Hi,
>
> I am trying to figure out if I need to encrypt my traffic from a
> FreeRadius server to a remote MySQL backend.
>
> I have the following setup.
>
> FreeRadius/MySQL (Server1)
>
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL
> Master to Master (ssl) Replication
>
> Now I want to add a third FreeRadius server without a local MySQL
> Backend.
>
> So this third server will point to either Server1 or Server2 which runs
> MySQL, but will these requests be sent to the remote MySQL Servers in
> clear text?

This has nothing to do with how many MySQL servers you've got or how
you're doing replication; encryption occurs on a per connection basis
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never
opens an encrypted session with its server because rlm_sql_mysql does
not have an option to set SSL/TLS transport (e.g. does not call
mysql_ssl_set()). That probably would be a good feature to add.

--
John Dennis <jdennis at redhat.com>
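
Added example, not part of the original thread or of FreeRADIUS: a Python check for the tcpdump verification mentioned above, classifying the first client packet of a MySQL connection as a bare SSLRequest (TLS follows) or a login sent in clear text. It assumes the MySQL 4.1+ client/server protocol; the function names and sample packets are constructed for illustration.

```python
import struct

CLIENT_PROTOCOL_41 = 0x00000200  # client uses the 4.1+ handshake layout
CLIENT_SSL = 0x00000800          # client switches to TLS after this packet
FIXED_LEN = 32                   # flags(4) + max packet(4) + charset(1) + filler(23)


def classify_client_reply(raw):
    """Classify the first client packet (sequence id 1) of a MySQL connection.

    Returns (verdict, username). verdict is 'tls-requested', 'cleartext-login'
    or 'unrecognised'; username is set only for a cleartext login.
    """
    if len(raw) < 4:
        return ("unrecognised", None)
    length = int.from_bytes(raw[0:3], "little")  # 3-byte payload length
    seq = raw[3]                                  # 1-byte sequence id
    payload = raw[4:4 + length]
    if seq != 1 or len(payload) != length or length < FIXED_LEN:
        return ("unrecognised", None)
    flags = struct.unpack_from("<I", payload, 0)[0]
    if not flags & CLIENT_PROTOCOL_41:
        return ("unrecognised", None)             # pre-4.1 layout not handled
    if flags & CLIENT_SSL and length == FIXED_LEN:
        return ("tls-requested", None)            # bare SSLRequest, TLS follows
    # Full login packet visible on the wire: NUL-terminated username comes next.
    end = payload.find(b"\x00", FIXED_LEN)
    if end == -1:
        return ("unrecognised", None)
    return ("cleartext-login", payload[FIXED_LEN:end].decode("utf-8", "replace"))


def _packet(seq, payload):
    """Wrap a payload in the 4-byte MySQL packet header."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def _fixed(flags):
    """Constructed fixed part: flags, max packet size, charset 33, zero filler."""
    return struct.pack("<IIB", flags, 1 << 24, 33) + bytes(23)


# Constructed sample packets, not captured traffic.
SAMPLE_PLAIN = _packet(1, _fixed(CLIENT_PROTOCOL_41) + b"radius\x00\x00")
SAMPLE_TLS = _packet(1, _fixed(CLIENT_PROTOCOL_41 | CLIENT_SSL))

if __name__ == "__main__":
    print(classify_client_reply(SAMPLE_PLAIN))  # ('cleartext-login', 'radius')
    print(classify_client_reply(SAMPLE_TLS))    # ('tls-requested', None)
```

A connection whose first client packet is classified as cleartext-login carries the database username, the authentication exchange and every later query unencrypted.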
