Yes, but as I mentioned in the original post, I suggested accessing these stores
over a network share. These really shouldn't be local; after all, the
certificates can be loaded into memory and passwords can also be loaded into
memory. The share can be secured behind a firewall (including different security
modules) and domain-level security. Most SMBs and enterprises already have
these in place. Keeping things local is bad practice for several reasons.

________________________________________
From: Nick Lowe [nick.l...@lugatech.com]
Sent: Friday, October 02, 2015 5:52 PM
To: Nadav Hod
Cc: Tuure Vartiainen; radiator@open.com.au
Subject: Re: [RADIATOR] Password/certificate security seems next to none on 
Radiator server

Nadav,

You're just obfuscating by doing this, as the RADIUS server still has
to get access to those things. Security through obscurity really
doesn't exist. It is a complete waste of time in my opinion.

You have to rely on encryption of the backing storage and OS security
primitives with administrative best practice to do this properly.
There is no other way.

Once somebody owns a box, all bets are off.

Regards,

Nick
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
