summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvenaas <venaas>2008-07-23 14:17:53 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2008-07-23 14:17:53 +0000
commitd12f4ae48c8c1f54ef7eecf2a094aa72d14b2c3e (patch)
treecb2e033d7b7978ea44892ae55843b9115a235ecb
parent3c370be673d6754c65bafad2664c7c2367625989 (diff)
preparing for release of 1.1
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/branches/release-1.1@326 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--ChangeLog7
-rw-r--r--README4
-rw-r--r--configure.ac2
-rw-r--r--radsecproxy.c4
-rw-r--r--radsecproxy.conf-example20
-rw-r--r--radsecproxy.conf.52
6 files changed, 30 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index abf2c24..1919311 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,3 +17,10 @@
Supports multiple client blocks for same source address with different
certificate checks
Removed weekday from log timestamps
+2008-07-24 1.1
+ Logging stationid attribute
+ Added LoopPrevention option
+ Failover also without status-server
+ Options for RetryCount and RetryInterval
+ Working accounting and AccountingResponse option
+ CRL checking and option for enabling it
diff --git a/README b/README
index 3c8be82..5961d8b 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is radsecproxy 1.1-beta.
+This is radsecproxy 1.1
radsecproxy is a generic RADIUS proxy that can support various
RADIUS clients over UDP or TLS (RadSec).
@@ -37,4 +37,4 @@ let me know if you feel left out.
For more information, feedback etc. please see the information
at http://software.uninett.no/radsecproxy/
-Stig Venaas <venaas@uninett.no> -- 2008.05.14
+Stig Venaas <venaas@uninett.no> -- 2008.07.24
diff --git a/configure.ac b/configure.ac
index 2812d67..e9b3b0d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(radsecproxy, 1.1-beta, venaas@uninett.no)
+AC_INIT(radsecproxy, 1.1, venaas@uninett.no)
AM_INIT_AUTOMAKE
AC_PROG_CC
AM_PROG_CC_C_O
diff --git a/radsecproxy.c b/radsecproxy.c
index e837e49..935b192 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -3216,7 +3216,7 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8
*pretend = 1;
break;
case 'v':
- debugx(0, DBG_ERR, "radsecproxy 1.1-beta");
+ debugx(0, DBG_ERR, "radsecproxy 1.1");
default:
goto usage;
}
@@ -3301,7 +3301,7 @@ int main(int argc, char **argv) {
if (!foreground && (daemon(0, 0) < 0))
debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno));
- debug(DBG_INFO, "radsecproxy 1.1-beta starting");
+ debug(DBG_INFO, "radsecproxy 1.1 starting");
sigemptyset(&sigset);
/* exit on all but SIGPIPE, ignore more? */
diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 4a0457c..f88bfad 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -1,4 +1,4 @@
-#Master config file, must be in /etc/radsecproxy or proxy's current directory
+#Master config file, must be in /etc/radsecproxy or specified with -c option
# All possible config options are listed below
# First you may define any global options, these are:
@@ -9,6 +9,12 @@
#listenUDP localhost
#listenTCP 10.10.10.10:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
+# To listen to the default or other Accounting port for UDP you need e.g.
+#ListenAccountingUDP *:1813
+
+# To specify a certain address/port for UDP/TLS requests you can use e.g.
+#SourceUDP 127.0.0.1:33000
+#SourceTCP *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
@@ -20,6 +26,9 @@
#LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2
+#There is an option for doing some simple loop prevention
+#LoopPrevention on
+
#If we have TLS clients or servers we must define at least one tls block.
#You can name them whatever you like and then reference them by name when
#specifying clients or servers later. There are however three special names
@@ -40,6 +49,8 @@ tls default {
CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
# Optionally specify password if key is encrypted (not very secure)
CertificateKeyPassword "follow the white rabbit"
+ # Optionally enable CRL checking
+ # CRLCheck on
}
#If you want one cert for all clients and another for all servers, use
@@ -85,6 +96,8 @@ server 127.0.0.1 {
}
realm eduroam.cc {
server 127.0.0.1
+# If also want to use this server for accounting, specify
+# accountingServer 127.0.0.1
}
server 2001:db8::1 {
@@ -110,12 +123,13 @@ realm /@example\.com$ {
}
# One can define a realm without servers, the proxy will then reject
# and requests matching this. Optionally one can specify ReplyMessage
-# attribute to be included in the reject message.
-#
+# attribute to be included in the reject message. One can also use
+# AccountingResponse option to specify that the proxy should send such.
realm /\.com$ {
}
realm /^anonymous$ {
replymessage "No Access"
+# AccountingResponse On
}
# The realm below is equivalent to /.*
realm * {
diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5
index 6d538da..4d95717 100644
--- a/radsecproxy.conf.5
+++ b/radsecproxy.conf.5
@@ -1,4 +1,4 @@
-.TH radsecproxy.conf 5 "14 May 2008"
+.TH radsecproxy.conf 5 "23 July 2008"
.SH "NAME"
radsecproxy.conf - Radsec proxy configuration file