authorvenaas <venaas>2008-07-23 14:17:53 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2008-07-23 14:17:53 +0000
commitad2e513b0eb8ed8b469f96cf8896a90f09e28c73 (patch)
tree231e945195fea19147a8cd437f44370976ad49ee
parent5c3072c3617e74cd98872464ce9d19d9f09823a9 (diff)
preparing for release of 1.1
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@326 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--ChangeLog7
-rw-r--r--radsecproxy.conf-example20
-rw-r--r--radsecproxy.conf.52
3 files changed, 25 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index abf2c24..b86d464 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,3 +17,10 @@
Supports multiple client blocks for same source address with different
certificate checks
Removed weekday from log timestamps
+2008-07-24 1.1
+ Logging stationid attribute
+ Added LoopPrevention option
+ Failover also without status-server
+ Options for RetryCount and RetryInterval
+ Working accounting and AccountingResponse option
+ CRL checking and option for enabling it
diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 4a0457c..f88bfad 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -1,4 +1,4 @@
-#Master config file, must be in /etc/radsecproxy or proxy's current directory
+#Master config file, must be in /etc/radsecproxy or specified with -c option
# All possible config options are listed below
# First you may define any global options, these are:
@@ -9,6 +9,12 @@
#listenUDP localhost
#listenTCP 10.10.10.10:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
+# To listen to the default or other Accounting port for UDP you need e.g.
+#ListenAccountingUDP *:1813
+
+# To specify a certain address/port for UDP/TLS requests you can use e.g.
+#SourceUDP 127.0.0.1:33000
+#SourceTCP *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
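Review bot: The comment added above `#SourceUDP 127.0.0.1:33000` says "UDP/TLS requests" while the second option is spelled `SourceTCP`, so it is unclear which option applies to TLS connections. These look like source addresses for outgoing requests; if that is right, something like `# To set the source address/port for outgoing UDP and TCP (TLS) requests you can use e.g.` would remove the ambiguity. Separately, the `#ListenAccountingUDP *:1813` example binds every interface, unlike the `listenUDP localhost` example just above. A one-line comment recommending a bind to the specific address the accounting clients use would stop operators copying the wildcard unchanged.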
@@ -20,6 +26,9 @@
#LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2
+#There is an option for doing some simple loop prevention
+#LoopPrevention on
+
#If we have TLS clients or servers we must define at least one tls block.
#You can name them whatever you like and then reference them by name when
#specifying clients or servers later. There are however three special names
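Review bot: "some simple loop prevention" above `#LoopPrevention on` tells an operator neither what is compared nor what the default is, so nobody can judge which loops it actually stops. As far as I know the check only avoids sending a request to a server block with the same name as the client block it arrived from; please confirm against the code. If so, I would say it in the comment, e.g. `# Do not forward a request to a server named like the client it came from (default off; limited protection only)`.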
@@ -40,6 +49,8 @@ tls default {
CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
# Optionally specify password if key is encrypted (not very secure)
CertificateKeyPassword "follow the white rabbit"
+ # Optionally enable CRL checking
+ # CRLCheck on
}
#If you want one cert for all clients and another for all servers, use
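Review bot: The added `# CRLCheck on` example carries only "Optionally enable CRL checking", which omits what an operator needs to know before enabling it: that revocation checking stays off unless this line is uncommented, and where the CRLs have to be placed. I believe the CRLs must be available alongside the CA certificates configured in this tls block, and that a missing or expired CRL makes peer verification fail; please confirm and state it. A possible wording is `# Optionally enable CRL checking (default off); current CRLs for the CAs must be present with the CA certificates`. A reminder that CRLs need refreshing before they expire would also help, since a stale CRL otherwise looks like a sudden TLS outage. The `tls default` block opens before this hunk.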
@@ -85,6 +96,8 @@ server 127.0.0.1 {
}
realm eduroam.cc {
server 127.0.0.1
+# If also want to use this server for accounting, specify
+# accountingServer 127.0.0.1
}
server 2001:db8::1 {
@@ -110,12 +123,13 @@ realm /@example\.com$ {
}
# One can define a realm without servers, the proxy will then reject
# and requests matching this. Optionally one can specify ReplyMessage
-# attribute to be included in the reject message.
-#
+# attribute to be included in the reject message. One can also use
+# AccountingResponse option to specify that the proxy should send such.
realm /\.com$ {
}
realm /^anonymous$ {
replymessage "No Access"
+# AccountingResponse On
}
# The realm below is equivalent to /.*
realm * {
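Review bot: In the rewritten comment, "specify that the proxy should send such" has no clear referent, and the `# AccountingResponse On` example under `realm /^anonymous$` does not say what is sent or what happens to the accounting data. If the option makes the proxy answer Accounting-Requests for a server-less realm itself (my reading, to be confirmed), the client sees its records acknowledged while nothing is forwarded or stored. That deserves an explicit line, e.g. `# AccountingResponse on: acknowledge accounting requests for this realm locally; the records are not forwarded`. The example would also read more consistently with the same `on` casing used for `LoopPrevention on` and `CRLCheck on`.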
diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5
index 7799357..31475bd 100644
--- a/radsecproxy.conf.5
+++ b/radsecproxy.conf.5
@@ -1,4 +1,4 @@
-.TH radsecproxy.conf 5 "14 May 2008"
+.TH radsecproxy.conf 5 "23 July 2008"
.SH "NAME"
radsecproxy.conf - Radsec proxy configuration file