.TH radsecproxy 1 "1 Jun 2010"

.SH "NAME"
radsecproxy - a generic RADIUS proxy that provides both RADIUS UDP and TCP/TLS (RadSec) transport.

.SH "SYNOPSIS"
.HP 12
radsecproxy [\-c configfile] [\-d debuglevel] [\-f] [\-i pidfile] [\-p] [\-v]
.sp

.SH "DESCRIPTION"
radsecproxy is a \fBgeneric RADIUS proxy\fR that, in addition to the
usual \fBRADIUS UDP\fR transport, also supports \fBTLS (RadSec)\fR. The
aim is for the proxy to have sufficient features to be flexible,
while at the same time to be small, efficient and easy to configure.
Currently the executable on Linux is only about \fI48 KB\fR, and it uses
about \fI64 KB\fR (depending on the number of peers) while running.
.sp
The proxy was initially made to be able to deploy \fBRadSec\fR (RADIUS
over TLS) so that all RADIUS communication across network links
could be done using TLS, without modifying existing RADIUS software.
This can be done by running this proxy on the same host as an existing
RADIUS server or client, and configuring the existing client/server to
talk to localhost (the proxy) rather than other clients and servers
directly.
.sp
There are however other situations where a RADIUS proxy might be
useful. Some people deploy RADIUS topologies where they want to
route RADIUS messages to the right server. Nodes that do only
routing could use a proxy. Some people may also wish to deploy
a proxy on a site boundary. Since the proxy \fBsupports both IPv4
and IPv6\fR, it could also be used to allow communication in cases
where some RADIUS nodes use only IPv4 and some only IPv6.

.SH "OPTIONS"
.TP
.B \-f
.sp
\fIRun in foreground\fR
.sp
By specifying this option, the proxy will run in foreground mode. That
is, it won't detach. Also all logging will be done to stderr.

.TP
.B \-d <debug level>
.sp
\fIDebug level\fR
.sp
This specifies the debug level. It must be set to 1, 2, 3, 4 or 5, where
1 logs only serious errors, and 5 logs everything. The default is 2 which
logs errors, warnings and a few informational messages.

.TP
.B \-p
.sp
\fIPretend\fR
.sp
The proxy reads configuration files and performs initialisation as
usual, but exits prior to creating any sockets. It will return different
exit codes depending on whether the configuration files are okay. This
may be used to verify configuration files, and can be done while another
instance is running.

.TP
.B \-v
.sp
\fIPrint version\fR
.sp
When this option is specified, the proxy will simply print version
information and exit.

.TP
.B \-c <config file path>
.sp
\fIConfig file path\fR
.sp
This option allows you to specify which config file to use. This is useful
if you want to use a config file that is not in any of the default locations.

.TP
.B \-i <pid file path>
.sp
\fIPID file path\fR
.sp
This option tells the proxy to create a PID file with the specified path.

.SH "SIGNALS"
The proxy generally exits on all signals. The exceptions are listed below.

.TP
.B SIGHUP
.sp
When logging to a file, this signal forces a reopen of the log file.

.TP
.B SIGPIPE
.sp
This signal is ignored.

.SH "FILES"
.TP
.B /etc/radsecproxy.conf
.sp
The default configuration file.
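
.SH "EXAMPLES"
The following is an added example, not part of the radsecproxy distribution. It uses \fB\-p\fR to check a candidate configuration file before it replaces the live one, so a broken file never reaches the running proxy. It assumes that an exit status of 0 from \fB\-p\fR means the configuration is okay; the RADSECPROXY variable and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: gate a radsecproxy config change on the -p (pretend) check.
# Assumptions (not stated on this page): exit status 0 from -p means the
# configuration is okay. RADSECPROXY and deploy_radsec_config are
# hypothetical names chosen for this example.
RADSECPROXY="${RADSECPROXY:-radsecproxy}"

# deploy_radsec_config CANDIDATE LIVE
# Returns 0 and replaces LIVE only if CANDIDATE passes the pretend check.
# Returns 1 and leaves LIVE untouched otherwise.
deploy_radsec_config() {
    candidate="$1"
    live="$2"

    if [ ! -r "$candidate" ]; then
        echo "cannot read candidate config: $candidate" >&2
        return 1
    fi

    # -p reads the config and initialises as usual but exits before
    # creating any sockets, so it is safe while another instance runs.
    if ! "$RADSECPROXY" -p -c "$candidate"; then
        echo "rejected: $candidate failed the -p check" >&2
        return 1
    fi

    # Stage next to the live file so the final mv is a rename on the
    # same filesystem and readers never see a half-written config.
    staged="$live.new.$$"
    cp "$candidate" "$staged" || return 1

    # Keep the previous version for rollback.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || { rm -f "$staged"; return 1; }
    fi

    mv "$staged" "$live"
}

# Typical call, as the user that owns the config file:
#   deploy_radsec_config ./radsecproxy.conf.new /etc/radsecproxy.conf
```

This page lists no signal that re-reads the configuration, so the running instance picks up the new file when it is next started.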

.SH "SEE ALSO"
radsecproxy.conf(5), RadSec internet draft
http://tools.ietf.org/html/draft-ietf-radext-radsec