RADIUS Node Secret Configuration
The RADIUSNodeSecret variable specifies a character string to use for security and authenticity when interacting with the configured RADIUS server or servers. Because of the way RADIUS operates, only the RADIUS requestors have node secrets (not the servers).
The same value configured forRADIUSNodeSecret must also be introduced into each RADIUS server through its own configuration mechanism. (For obvious reasons, this should be done in an out-of-band fashion.)
TheRADIUSNodeSecret variable is normally Screen-specific. It contains the following items:
-
sys=screen (optional)
-
prg=auth
-
name=RADIUSNodeSecret
-
value="nodesecret"
-
description="descriptive text" (optional)
-
enabled | disabled -- The default is enabled.
In multiple-Screen installations, the sys= item enables you to configure different node secrets for each Screen.
Caution - Because shortcuts were taken by some reference implementations, a common deficiency in RADIUS servers is the handling of node secrets that are longer than 31 characters. If you intend to use longer values, first determine that your server or servers can handle them correctly.
Once you establish addresses, rules, and variables, you must activate the configuration to propagate the changes.
- © 2010, Oracle Corporation and/or its affiliates