
List:       freeradius-users
Subject:    Re: Remote MySQL backend encryption
From:       liran tal <liransgarage () gmail ! com>
Date:       2010-04-27 4:53:50
Message-ID: k2q3ed55891004262153odf768b22ua24eeaffd7b1930a () mail ! gmail ! com

On Tue, Apr 27, 2010 at 1:17 AM, John Dennis <jdennis@redhat.com> wrote:

> On 04/26/2010 05:33 PM, Eric.Hernandez@allegiantair.com wrote:
>
>> I see, that's what I thought. I also confirmed it's all clear text with
>> tcpdump.
>>
>> If I were to switch my backend to an ldap system would I have encrypted
>> traffic for user authentication with freeradius remote ldap/backend setup?
>>
>

Or you could probably tunnel the traffic via SSH or some other encrypted
medium.
Granted, this will add overhead, though I can't say how much compared
to other solutions,
depending on your deployment I guess.



Regards,
Liran Tal.






> Not currently, but I've got a patch for the 1.1.7 version of rlm_ldap, so
> it might need some tweaking for 2.x
>
>
>
>> Also is there a nas/radacct table equivalent in the ldap solution or is
>> it strictly for user authentication?
>>
>
> Not currently, but I've got a patch for the 1.1.7 version of rlm_ldap, so
> it might need some tweaking for 2.x
>
> FWIW, I don't have extra cycles at the moment.
>
> BTW, patching rlm_sql_mysql to use SSL wouldn't be hard.
>
>
> --
> John Dennis <jdennis@redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
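
A check for the capture discussed in this thread, as an added example that is not part of any poster's message: it classifies the first payload seen in each direction on the FreeRADIUS-to-database path as plain MySQL, MySQL with TLS requested, or an SSH tunnel. Function names and sample bytes are constructed for illustration; it assumes a protocol-10 MySQL greeting and that the payloads have already been extracted from the capture.

```python
import struct

CLIENT_SSL = 0x0800  # MySQL capability bit: TLS offered (server) / requested (client)

def _packet(data: bytes, want_seq: int):
    """Return the payload of one MySQL packet, or None if it does not parse."""
    if len(data) < 5:
        return None
    length = int.from_bytes(data[:3], "little")  # 3-byte LE length, then sequence id
    body = data[4:4 + length]
    return body if data[3] == want_seq and length and len(body) == length else None

def server_offers_ssl(greeting: bytes):
    """True/False for a protocol-10 server greeting, None if it is not one."""
    body = _packet(greeting, 0)
    if body is None or body[0] != 0x0A:
        return None
    end = body.find(b"\x00", 1)        # end of the server version string
    off = end + 1 + 4 + 8 + 1          # skip thread id, salt part 1, filler
    if end < 0 or len(body) < off + 2:
        return None
    return bool(struct.unpack_from("<H", body, off)[0] & CLIENT_SSL)

def assess(server_first: bytes, client_reply: bytes) -> str:
    """Classify a connection from the first payload in each direction."""
    if server_first.startswith(b"SSH-"):
        return "ssh-tunnel"            # SSH banner: the SQL session is inside the tunnel
    offered = server_offers_ssl(server_first)
    body = _packet(client_reply, 1)
    if offered is None or body is None or len(body) < 2:
        return "unknown"
    requested = bool(struct.unpack_from("<H", body, 0)[0] & CLIENT_SSL)
    # The greeting is always sent in clear; TLS starts only if the client asks for it.
    return "mysql-tls" if offered and requested else "mysql-cleartext"

def make_packet(seq: int, body: bytes) -> bytes:
    """Frame a payload as a MySQL packet (used only to build the samples)."""
    return len(body).to_bytes(3, "little") + bytes([seq]) + body

# Constructed sample payloads, not taken from a real capture.
TAIL = b"ABCDEFGH"
GREETING_SSL = make_packet(0, b"\x0a" + b"5.1.0-sample\x00" + struct.pack("<I8sBH", 42, TAIL, 0, 0xFFFF))
GREETING_NOSSL = make_packet(0, b"\x0a" + b"5.1.0-sample\x00" + struct.pack("<I8sBH", 42, TAIL, 0, 0xF7FF))
LOGIN_PLAIN = make_packet(1, struct.pack("<IIB23x", 0x0201, 1 << 24, 8) + b"radius\x00")
SSL_REQUEST = make_packet(1, struct.pack("<IIB23x", 0x0A01, 1 << 24, 8))
SSH_BANNER = b"SSH-2.0-sample\r\n"

if __name__ == "__main__":
    print(assess(GREETING_SSL, LOGIN_PLAIN), assess(GREETING_SSL, SSL_REQUEST))
```

A result of `mysql-cleartext` with a server that offers SSL means the client side never requested it, which is the situation the thread describes for an unpatched rlm_sql_mysql.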




