Commit d04d8d0f authored by venaas, committed by venaas

updated docs

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@433 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent a76b86dd
......@@ -5,7 +5,7 @@
\\$2 \(la\\$1\(ra\\$3
..
.if \n(.g .mso www.tmac
.TH "radsecproxy.conf " 5 2008-10-16 "radsecproxy devel 2008-10-16" ""
.TH "radsecproxy.conf " 5 2008-11-05 "radsecproxy devel 2008-11-05" ""
.SH NAME
radsecproxy.conf
\- Radsec proxy configuration file
......@@ -171,6 +171,21 @@ will use for TLS connections.
This can be used to specify source address and/or source port that the proxy
will use for DTLS connections.
.TP
\*(T<TTLAttribute\*(T>
This can be used to change the default TTL attribute. Only change this if
you know what you are doing. The syntax is either a numerical value
denoting the TTL attribute, or two numerical values separated by column
specifying a vendor attribute, i.e. \*(T<vendorid:attribute\*(T>.
.TP
\*(T<addTTL\*(T>
If a TTL attribute is present, the proxy will decrement the value and
discard the message if zero. Normally the proxy does nothing if no TTL
attribute is present. If you use the addTTL option with a value 1-255,
the proxy will when forwarding a message with no TTL attribute, add one
with the specified value. Note that this option can also be specified
for a client/server. It will then override this setting when forwarding
a message to that client/server.
.TP
\*(T<loopPrevention\*(T>
This can be set to \*(T<on\*(T> or \*(T<off\*(T> with
\*(T<off\*(T> being the default. When this is enabled, a request
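Review bot: In the TTLAttribute entry, "two numerical values separated by column" should read "separated by a colon", which is what the vendorid:attribute example shows. In the addTTL entry, "decrement the value and discard the message if zero" does not say whether the zero test applies to the received value or to the value after decrementing, and an operator choosing an addTTL value for a chain of proxies needs to know which; suggest stating it explicitly. The entry also gives the range 1-255 without saying how the option is left disabled other than by omitting it.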
......@@ -225,9 +240,10 @@ The allowed options in a client block are \*(T<host\*(T>,
\*(T<type\*(T>, \*(T<secret\*(T>, \*(T<tls\*(T>,
\*(T<certificateNameCheck\*(T>,
\*(T<matchCertificateAttribute\*(T>,
\*(T<duplicateInterval\*(T>, \*(T<rewrite\*(T>,
\*(T<rewriteIn\*(T>, \*(T<rewriteOut\*(T> and
\*(T<rewriteAttribute\*(T>. We already discussed the
\*(T<duplicateInterval\*(T>, \*(T<addTTL\*(T>,
\*(T<rewrite\*(T>, \*(T<rewriteIn\*(T>,
\*(T<rewriteOut\*(T> and \*(T<rewriteAttribute\*(T>.
We already discussed the
\*(T<host\*(T> option. The value of \*(T<type\*(T> must be
one of \*(T<udp\*(T>, \*(T<tcp\*(T>, \*(T<tls\*(T>
or \*(T<dtls\*(T>. The value of \*(T<secret\*(T> is the
......@@ -262,6 +278,11 @@ from the same client, with the same authenticator etc. The proxy will then
ignore the new request (if it is still processing the previous one), or
returned a copy of the previous reply.
.PP
The \*(T<addTTL\*(T> option is similar to the
\*(T<addTTL\*(T> option used in the basic config. See that for
details. Any value configured here overrides the basic one when sending
messages to this client.
.PP
The \*(T<rewrite\*(T> option is deprecated. Use
\*(T<rewriteIn\*(T> instead.
.PP
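Review bot: "similar to" in the new addTTL paragraph leaves open whether the client-level option differs from the basic one in anything but scope. If the syntax and the 1-255 range are identical, say "takes the same values as" and keep the override sentence as the only client-specific statement.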
......@@ -309,7 +330,8 @@ administrator.
The allowed options in a server block are \*(T<host\*(T>,
\*(T<port\*(T>, \*(T<type\*(T>, \*(T<secret\*(T>,
\*(T<tls\*(T>, \*(T<certificateNameCheck\*(T>,
\*(T<matchCertificateAttribute\*(T>, \*(T<rewrite\*(T>,
\*(T<matchCertificateAttribute\*(T>, \*(T<addTTL\*(T>,
\*(T<rewrite\*(T>,
\*(T<rewriteIn\*(T>, \*(T<rewriteOut\*(T>,
\*(T<statusServer\*(T>, \*(T<retryCount\*(T>,
\*(T<retryInterval\*(T> and \*(T<dynamicLookupCommand\*(T>.
......@@ -318,7 +340,8 @@ We already discussed the \*(T<host\*(T> option. The
\*(T<port\*(T> option allows you to specify which port number the
server uses. The usage of \*(T<type\*(T>, \*(T<secret\*(T>,
\*(T<tls\*(T>, \*(T<certificateNameCheck\*(T>,
\*(T<matchCertificateAttribute\*(T>, \*(T<rewrite\*(T>,
\*(T<matchCertificateAttribute\*(T>, \*(T<addTTL\*(T>,
\*(T<rewrite\*(T>,
\*(T<rewriteIn\*(T> and \*(T<rewriteOut\*(T> are just as
specified for the \*(T<client block\*(T> above, except that
\*(T<defaultServer\*(T> (and not \*(T<defaultClient\*(T>)
......
......@@ -2,14 +2,14 @@
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry>
<refentryinfo>
<date>2008-10-16</date>
<date>2008-11-05</date>
</refentryinfo>
<refmeta>
<refentrytitle>
<application>radsecproxy.conf</application>
</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo>radsecproxy devel 2008-10-16</refmiscinfo>
<refmiscinfo>radsecproxy devel 2008-11-05</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
......@@ -255,6 +255,31 @@ will use for DTLS connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>TTLAttribute</literal></term>
<listitem>
<para>
This can be used to change the default TTL attribute. Only change this if
you know what you are doing. The syntax is either a numerical value
denoting the TTL attribute, or two numerical values separated by column
specifying a vendor attribute, i.e. <literal>vendorid:attribute</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>addTTL</literal></term>
<listitem>
<para>
If a TTL attribute is present, the proxy will decrement the value and
discard the message if zero. Normally the proxy does nothing if no TTL
attribute is present. If you use the addTTL option with a value 1-255,
the proxy will when forwarding a message with no TTL attribute, add one
with the specified value. Note that this option can also be specified
for a client/server. It will then override this setting when forwarding
a message to that client/server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>loopPrevention</literal></term>
<listitem>
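Review bot: The same "separated by column" typo is in this TTLAttribute para; if the man page is generated from this DocBook source, fixing it here and regenerating covers both files. "Only change this if you know what you are doing" gives the reader neither the default attribute nor the consequence of changing it; suggest naming the default and describing what happens on a hop where neighbouring proxies are configured with different TTL attributes.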
......@@ -333,9 +358,10 @@ The allowed options in a client block are <literal>host</literal>,
<literal>type</literal>, <literal>secret</literal>, <literal>tls</literal>,
<literal>certificateNameCheck</literal>,
<literal>matchCertificateAttribute</literal>,
<literal>duplicateInterval</literal>, <literal>rewrite</literal>,
<literal>rewriteIn</literal>, <literal>rewriteOut</literal> and
<literal>rewriteAttribute</literal>. We already discussed the
<literal>duplicateInterval</literal>, <literal>addTTL</literal>,
<literal>rewrite</literal>, <literal>rewriteIn</literal>,
<literal>rewriteOut</literal> and <literal>rewriteAttribute</literal>.
We already discussed the
<literal>host</literal> option. The value of <literal>type</literal> must be
one of <literal>udp</literal>, <literal>tcp</literal>, <literal>tls</literal>
or <literal>dtls</literal>. The value of <literal>secret</literal> is the
......@@ -375,6 +401,12 @@ ignore the new request (if it is still processing the previous one), or
returned a copy of the previous reply.
</para>
<para>
The <literal>addTTL</literal> option is similar to the
<literal>addTTL</literal> option used in the basic config. See that for
details. Any value configured here overrides the basic one when sending
messages to this client.
</para>
<para>
The <literal>rewrite</literal> option is deprecated. Use
<literal>rewriteIn</literal> instead.
</para>
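Review bot: The new para says the value applies "when sending messages to this client", while the basic addTTL entry only describes "forwarding a message with no TTL attribute". Suggest stating which messages sent toward a client get the attribute added, so the client-block wording and the basic-config wording describe the same behaviour.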
......@@ -433,7 +465,8 @@ administrator.
The allowed options in a server block are <literal>host</literal>,
<literal>port</literal>, <literal>type</literal>, <literal>secret</literal>,
<literal>tls</literal>, <literal>certificateNameCheck</literal>,
<literal>matchCertificateAttribute</literal>, <literal>rewrite</literal>,
<literal>matchCertificateAttribute</literal>, <literal>addTTL</literal>,
<literal>rewrite</literal>,
<literal>rewriteIn</literal>, <literal>rewriteOut</literal>,
<literal>statusServer</literal>, <literal>retryCount</literal>,
<literal>retryInterval</literal> and <literal>dynamicLookupCommand</literal>.
......@@ -443,7 +476,8 @@ We already discussed the <literal>host</literal> option. The
<literal>port</literal> option allows you to specify which port number the
server uses. The usage of <literal>type</literal>, <literal>secret</literal>,
<literal>tls</literal>, <literal>certificateNameCheck</literal>,
<literal>matchCertificateAttribute</literal>, <literal>rewrite</literal>,
<literal>matchCertificateAttribute</literal>, <literal>addTTL</literal>,
<literal>rewrite</literal>,
<literal>rewriteIn</literal> and <literal>rewriteOut</literal> are just as
specified for the <literal>client block</literal> above, except that
<literal>defaultServer</literal> (and not <literal>defaultClient</literal>)
......