Freeradius sql module usage
Ľudovít Mikula
ludovit.mikula at mikori.sk
Tue Jul 23 17:46:50 UTC 2024
Are you able to use environment variables like this?:
server = $ENV{DB_HOST}
port = $ENV{DB_PORT}
login = $ENV{DB_USER}
password = $ENV{DB_PASSWORD}
radius_db = $ENV{DB_DATABASE}
This is how we configure it in our cluster.
If you run it directly on the machine, it does not provide any added
security, but your requirement would be met.
I know it just moves the need to encrypt the data to the OS, but there
are probably more ways how to do it.
Ludo
On 7/23/24 17:21, Alan Smith via Freeradius-Users wrote:
> A project I am working on does not allow storage of plain text passwords in the config file. That is why.
> On Tuesday, 23 July 2024 at 09:39:41 pm SGT, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jul 23, 2024, at 1:12 AM, Alan Smith via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> How may I encrypt the password used in Connection info in SQL module? Kindly advise. Thanks.
>
> What problem would that solve?
>
> Think about it for a bit. The server has to be able to decrypt that password somehow. So where is the decryption key stored? How can the server get access to it?
>
> These kinds of approaches add complexity, and offer zero additional security.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list