Remote MySQL backend encryption

liran tal liransgarage at gmail.com
Tue Apr 27 06:53:50 CEST 2010


On Tue, Apr 27, 2010 at 1:17 AM, John Dennis <jdennis at redhat.com> wrote:

> On 04/26/2010 05:33 PM, Eric.Hernandez at allegiantair.com wrote:
>
>> I see thats what I thought, I also confirmed its all clear text with
>> tcpdump.
>>
>> If I were to switch my backend to an ldap system would I have encrypted
>> traffic for user authentication with freeradius remote ldap/backend setup?
>>
>

Or you could probably tunnel the traffic via SSH or some other encrypted
medium.
Given this will add overhead though I don't know to say how much in compared
to other solutions,
depending on your deployment I guess.



Regards,
Liran Tal.






> Not currently, but I've got a patch for the 1.1.7 version of rlm_ldap, so
> it might need some tweaking for 2.x
>
>
>
>> Also is there a nas/radacct table equivalent in the ldap solution or is
>> it strictly for user authentication?
>>
>
> Not currently, but I've got a patch for the 1.1.7 version of rlm_ldap, so
> it might need some tweaking for 2.x
>
> FWIW, I don't have extra cycles at the moment.
>
> BTW, patching rlm_sql_mysql to use SSL wouldn't be hard.
>
>
> --
> John Dennis <jdennis at redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100427/cffadf64/attachment.html>


More information about the Freeradius-Users mailing list