Parsing auth proxy config values have reserved charachters

mcnop · ‎07-31-2023

I'm trying to set up a radius proxy on RHEL.
Is there any guidance on reserved characters, escaping or quoting non-alphanumeric values to be parsed from the configuration file?
One of the videos I watched indicated ; and # should not be used for values such as the secret because they are interpreted as the beginning of a comment. I have confirmed the proxy works as expected when sticking with alpha-numeric secret, and that non-alphanumeric characters were usable when the endpoint points directly at the primary radius server.
I am primarily interested in the radius secret field, but also how the config parsing restrictions in general.

DuoKristina · ‎08-01-2023

In addition to the comment characters # and ; (as mentioned here), also watch for commas in the user passwords, as that's the default delimiter character for appending passcodes or factors to a password in LDAP and some RADIUS configurations. We have occasionally seen issues with non-UTF8 characters in user passwords or secrets, which can be remedied by setting `pw_codec` in the cfg.

Feel free to search the Duo Knowledge Base for additional RADIUS answered questions.

Duo, not DUO.