-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | radsecproxy.conf-example | 24 |
2 files changed, 22 insertions, 3 deletions
@@ -40,3 +40,4 @@ cache of CA certificates and CRLs. This is particularly useful for regularly updating CRLs. Some logging has been made more informative + Allowing %xx notation (as in URLs) for writing characters in hex diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index f88bfad..44e4a7a 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -7,14 +7,14 @@ # Max one of each, below are just multiple examples #ListenUDP *:1814 #listenUDP localhost -#listenTCP 10.10.10.10:2084 -#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084 +#listenTLS 10.10.10.10:2084 +#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 # To listen to the default or other Accounting port for UDP you need e.g. #ListenAccountingUDP *:1813 # To specify a certain address/port for UDP/TLS requests you can use e.g. #SourceUDP 127.0.0.1:33000 -#SourceTCP *:33001 +#SourceTLS *:33001 # Optional log level. 3 is default, 1 is less, 4 is more #LogLevel 3 #Optional LogDestinatinon, else stderr used for logging @@ -51,6 +51,8 @@ tls default { CertificateKeyPassword "follow the white rabbit" # Optionally enable CRL checking # CRLCheck on + # Optionally specify how long CAs and CRLs are cached, default forever + # CacheExpiry 3600 } #If you want one cert for all clients and another for all servers, use @@ -72,6 +74,14 @@ tls default { #To treat local users separately you might try first specifying "@" #and after that "*". +# Configure a rewrite block if you want to add/remove/modify attributes +# rewrite example { +# removeAttribute 5 +# removeVendorAttribute 99:100 +# addAttribute 4 attribute%20value +# modifyAttribute 1:/^(.*)@local$/$1@example.com/ +# } + client 2001:db8::1 { type tls secret verysecret 
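Review bot: The new `CacheExpiry` comment in the `tls default` hunk says "default forever" without spelling out what that means for the `CRLCheck on` option directly above it. If the cache never expires, a CRL renewed on disk is presumably not re-read while the proxy keeps running, so revoked certificates would continue to be accepted. The sample value `3600` also carries no unit. I would word the comment as `# Optionally expire cached CAs and CRLs after this many seconds; by default they are cached forever, so set this when CRLCheck is on`, after confirming that the unit is seconds. The `tls default` block opens above this hunk.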
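Review bot: The rewrite example added before `client 2001:db8::1` identifies attributes only by number, so a reader cannot tell what each directive touches. `modifyAttribute 1:/^(.*)@local$/$1@example.com/` rewrites User-Name (type 1 in RFC 2865), which is the identity forwarded upstream. `addAttribute 4` targets NAS-IP-Address, a 4-octet address, so the text value `attribute%20value` is a poor fit; a text-typed attribute would make a better sample. I would add a comment line above each directive, e.g. `# 1 = User-Name: turns user@local into user@example.com`. The escape also needs a line, e.g. `# %20 is a space written in %xx hex notation`, since nothing else in this file explains it.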
@@ -84,6 +94,10 @@ client 2001:db8::1 { client 127.0.0.1 { type udp secret secret +# Might do rewriting of incoming messages using rewrite block example +# rewriteIn example +# Can also do rewriting of outgoing messages +# rewriteOut example } client radius.example.com { type TLS @@ -93,6 +107,10 @@ client radius.example.com { server 127.0.0.1 { type UDP secret secret +# Might do rewriting of incoming messages using rewrite block example +# rewriteIn example +# Can also do rewriting of outgoing messages +# rewriteOut example } realm eduroam.cc { server 127.0.0.1 |
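Review bot: The same two comment lines are pasted into the `client 127.0.0.1` block and, in the next hunk, the `server 127.0.0.1` block, and "incoming" and "outgoing" do not say relative to what. In a client block, incoming presumably means requests received from that client; in a server block it would mean replies received from that server. That difference decides whether a rewrite acts on requests or on responses. I would state the direction in each block, e.g. `# rewriteIn applies to messages received from this client, rewriteOut to messages sent to it`, with the matching wording for the server block once the semantics are confirmed.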