summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvenaas <venaas>2008-10-07 08:47:11 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2008-10-07 08:47:11 +0000
commit7f023c0ce7a4381afddec7524162e0add4ecbedc (patch)
treeea3d4135120f30bb8f9f6d08df47870f45987575
parentdaaa2633d0103a7bc876cefb21c28c52ecaef8ec (diff)
updating ChangeLog and config example
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/branches/release-1.2@421 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--ChangeLog1
-rw-r--r--radsecproxy.conf-example24
2 files changed, 22 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 4dcf97e..27fae7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,3 +40,4 @@
cache of CA certificates and CRLs. This is particularly useful for
regularly updating CRLs.
Some logging has been made more informative
+ Allowing %xx notation (as in URLs) for writing characters in hex
diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index f88bfad..44e4a7a 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -7,14 +7,14 @@
# Max one of each, below are just multiple examples
#ListenUDP *:1814
#listenUDP localhost
-#listenTCP 10.10.10.10:2084
-#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
+#listenTLS 10.10.10.10:2084
+#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
# To listen to the default or other Accounting port for UDP you need e.g.
#ListenAccountingUDP *:1813
# To specify a certain address/port for UDP/TLS requests you can use e.g.
#SourceUDP 127.0.0.1:33000
-#SourceTCP *:33001
+#SourceTLS *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
@@ -51,6 +51,8 @@ tls default {
CertificateKeyPassword "follow the white rabbit"
# Optionally enable CRL checking
# CRLCheck on
+ # Optionally specify how long CAs and CRLs are cached, default forever
+ # CacheExpiry 3600
}
#If you want one cert for all clients and another for all servers, use
@@ -72,6 +74,14 @@ tls default {
#To treat local users separately you might try first specifying "@"
#and after that "*".
+# Configure a rewrite block if you want to add/remove/modify attributes
+# rewrite example {
+# removeAttribute 5
+# removeVendorAttribute 99:100
+# addAttribute 4 attribute%20value
+# modifyAttribute 1:/^(.*)@local$/$1@example.com/
+# }
+
client 2001:db8::1 {
type tls
secret verysecret
@@ -84,6 +94,10 @@ client 2001:db8::1 {
client 127.0.0.1 {
type udp
secret secret
+# Might do rewriting of incoming messages using rewrite block example
+# rewriteIn example
+# Can also do rewriting of outgoing messages
+# rewriteOut example
}
client radius.example.com {
type TLS
@@ -93,6 +107,10 @@ client radius.example.com {
server 127.0.0.1 {
type UDP
secret secret
+# Might do rewriting of incoming messages using rewrite block example
+# rewriteIn example
+# Can also do rewriting of outgoing messages
+# rewriteOut example
}
realm eduroam.cc {
server 127.0.0.1