author | venaas <venaas> | 2008-07-23 14:17:53 +0000 |
---|---|---|
committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2008-07-23 14:17:53 +0000 |
commit | ad2e513b0eb8ed8b469f96cf8896a90f09e28c73 (patch) | |
tree | 231e945195fea19147a8cd437f44370976ad49ee | |
parent | 5c3072c3617e74cd98872464ce9d19d9f09823a9 (diff) |
preparing for release of 1.1
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@326 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | radsecproxy.conf-example | 20 | ||||
-rw-r--r-- | radsecproxy.conf.5 | 2 |
3 files changed, 25 insertions, 4 deletions
@@ -17,3 +17,10 @@ Supports multiple client blocks for same source address with different certificate checks Removed weekday from log timestamps +2008-07-24 1.1 + Logging stationid attribute + Added LoopPrevention option + Failover also without status-server + Options for RetryCount and RetryInterval + Working accounting and AccountingResponse option + CRL checking and option for enabling it diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 4a0457c..f88bfad 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -1,4 +1,4 @@ -#Master config file, must be in /etc/radsecproxy or proxy's current directory +#Master config file, must be in /etc/radsecproxy or specified with -c option # All possible config options are listed below # First you may define any global options, these are: @@ -9,6 +9,12 @@ #listenUDP localhost #listenTCP 10.10.10.10:2084 #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084 +# To listen to the default or other Accounting port for UDP you need e.g. +#ListenAccountingUDP *:1813 + +# To specify a certain address/port for UDP/TLS requests you can use e.g. +#SourceUDP 127.0.0.1:33000 +#SourceTCP *:33001 # Optional log level. 3 is default, 1 is less, 4 is more #LogLevel 3 #Optional LogDestinatinon, else stderr used for logging @@ -20,6 +26,9 @@ #LogDestination x-syslog:/// #LogDestination x-syslog:///log_local2 +#There is an option for doing some simple loop prevention +#LoopPrevention on + #If we have TLS clients or servers we must define at least one tls block. #You can name them whatever you like and then reference them by name when #specifying clients or servers later. There are however three special names 
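Review bot: The LoopPrevention comment added in the radsecproxy.conf-example hunk at -20,6 +26,9 says only that there is "some simple loop prevention", which does not tell an operator what is compared or what the default is. As far as I know, the option only refuses to forward a request to a server block named the same as the client block it arrived from, so it would not catch a loop that passes through a third proxy; that should be confirmed against radsecproxy.conf.5 and stated here. A wording such as `# LoopPrevention on: never forward a request to a server named like the client it came from (default off)` would set the right expectation.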
@@ -40,6 +49,8 @@ tls default { CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem # Optionally specify password if key is encrypted (not very secure) CertificateKeyPassword "follow the white rabbit" + # Optionally enable CRL checking + # CRLCheck on } #If you want one cert for all clients and another for all servers, use @@ -85,6 +96,8 @@ server 127.0.0.1 { } realm eduroam.cc { server 127.0.0.1 +# If also want to use this server for accounting, specify +# accountingServer 127.0.0.1 } server 2001:db8::1 { @@ -110,12 +123,13 @@ realm /@example\.com$ { } # One can define a realm without servers, the proxy will then reject # and requests matching this. Optionally one can specify ReplyMessage -# attribute to be included in the reject message. -# +# attribute to be included in the reject message. One can also use +# AccountingResponse option to specify that the proxy should send such. realm /\.com$ { } realm /^anonymous$ { replymessage "No Access" +# AccountingResponse On } # The realm below is equivalent to /.* realm * { diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 7799357..31475bd 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -1,4 +1,4 @@ -.TH radsecproxy.conf 5 "14 May 2008" +.TH radsecproxy.conf 5 "23 July 2008" .SH "NAME" radsecproxy.conf - Radsec proxy configuration file |
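Review bot: The CRLCheck lines added to `tls default` give no hint of what has to be in place before the option is turned on. The example leaves it commented out, so a configuration copied from this file presumably performs no revocation checking. The comment also does not say where the proxy looks for CRLs or what happens to a peer certificate when no current CRL is found. I would extend it along the lines of `# Optionally enable CRL checking (default off); CRLs must be available with the CA certificates and kept current`, after confirming the lookup location and the failure behaviour in the code. The tls block starts above this hunk.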
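Review bot: The comment added inside `realm eduroam.cc` reads `# If also want to use this server for accounting, specify`, which is missing a word; I would write `# If you also want to use this server for accounting, specify`. It would also help to say what happens to accounting requests for the realm when no accountingServer is given, which the example does not show.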
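Review bot: The sentence added above `realm /\.com$`, "One can also use AccountingResponse option to specify that the proxy should send such", leaves "such" without a referent, so it is unclear what the proxy sends. If the option makes the proxy answer accounting requests for a realm that has no accounting server, the comment should say that, and also that the acknowledged records are not forwarded anywhere, since a NAS will treat them as delivered. A possible wording is `# AccountingResponse on makes the proxy acknowledge accounting requests for this realm instead of ignoring them; the data is discarded`. This is my reading of the option and should be checked against the implementation.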