Hi, On Fri, 2 Oct 2015, Nadav Hod wrote: > Yes but as I mentioned in the original post, I suggested to access these > stores over a network share. These really shouldn't be local, afterall the > certificates can be loaded into memory and passwords can also be loaded into > memory. The share can be secured behind firewall (including different > security modules) and domain-level security. Most SMB's and enterprises > already have these in place. Keeping things local is bad practice for several > reasons. > you are free to implement this any way you like as Tuure pointed out a couple of posts back if you think it adds value in your specific setup.
This thread is going nowhere. Can we please end it here. Greetings Chrsitian > ________________________________________ > From: Nick Lowe [nick.l...@lugatech.com] > Sent: Friday, October 02, 2015 5:52 PM > To: Nadav Hod > Cc: Tuure Vartiainen; radiator@open.com.au > Subject: Re: [RADIATOR] Password/certificate security seems next to none on > Radiator server > > Nadav, > > You're just obfuscating by doing this as the RADIUS server still have > to get access to those things. Security through obscurity really > doesn't exist. It is a complete waste of time in my opinion. > > You have to reply on encryption of the backing storage and OS security > primitives with administrative best practice to do this properly. > There is no other way. > > Once somebody owns a box, all bets are off. > > Regards, > > Nick > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
