3.14.1. Secret

This defines the shared secret that is used to encrypt and decrypt User-Password and some other less frequently used attributes. The shared secret is also used for RADIUS message integrity checking, with the exception of Access-Request messages. You must define a shared secret for each Client, and it must match the secret configured in the client's RADIUS software. There is no default. The secret can be any number of ASCII characters. Any ASCII character except newline is permitted, but it might be easier if you restrict yourself to the printable characters. For a reasonable level of security, the secret should be at least 16 characters long and a mixture of upper and lower case letters, digits and punctuation. You should not use just a single recognisable word.
# This better agree with the client at
# 10.20.30.40 or we won't understand them!
<Client 10.20.30.40>
      Secret 66+6obaFGkmRNs-R
</Client>