Commit 045e082e authored by venaas, committed by venaas

updates to readme/changelog etc

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@424 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 47cef5d9
......@@ -15,12 +15,35 @@
matchCertificateAttribute now also supports CN matching
Forwarding of accounting messages, accountingServer option for realms
Supports multiple client blocks for same source address with different
certificate checks
certificate checks
Removed weekday from log timestamps
2008-07-24 1.1
Logging stationid attribute
Added LoopPrevention option
Failover also without status-server
Options for RetryCount and RetryInterval
Working accounting and AccountingResponse option
Logging stationid attribute
Added LoopPrevention option
Failover also without status-server
Options for RetryCount and RetryInterval
Working accounting and AccountingResponse option
CRL checking and option for enabling it
2008-10-07 1.2
listenTCP and sourceTCP options renamed to listenTLS and sourceTLS
Old options deprecated but available for backwards compatiblity
Logging reply-message attribute from Reject messages
Contribution from Arne Schwabe
Rewrite blocks have new options addAttribute and modifyAttribute
rewriteIn (replacing rewrite) and rewriteOut in client and server
blocks for specifying rewrite on input/output. rewrite deprecated
but available as an alias for rewriteIn for backwards compatibility.
rewritein rewriteout rewrite
regular expressions in realms etc can now be more advanced, including
use of "or".
cacheExpiry option in tls blocks for specifying expiry time for the
cache of CA certificates and CRLs. This is particularly useful for
regularly updating CRLs.
Some logging has been made more informative
Additional features in devel-20081006
Support for TCP and DTLS transports (type tcp, type dtls)
Listen... options can be specified multiple times
Dynamic server discovery
DuplicateInterval option in client block for specifying for how
long a request/reply shall be stored for duplicate detection
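Review bot: "compatiblity" is misspelled in the 1.2 entry ("Old options deprecated but available for backwards compatiblity"); the rewriteIn item a few lines further down spells it "compatibility". The bare line "rewritein rewriteout rewrite" after that item reads like leftover working notes and should either be removed or turned into a sentence that says what it lists.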
This is a revision from the radsecproxy 1.2 devel branch.
This is a revision from the radsecproxy 2.0 devel branch.
radsecproxy is a generic RADIUS proxy that can support various
RADIUS clients over UDP or TLS (RadSec).
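Review bot: The README line now names a "2.0 devel branch", but the ChangeLog in this same commit has no 2.0 heading and files the new transports under "Additional features in devel-20081006" below the 1.2 entry. Use one name for this development line in both files so a reader holding a README can find the matching ChangeLog section.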
......@@ -37,4 +37,4 @@ let me know if you feel left out.
For more information, feedback etc. please see the information
at http://software.uninett.no/radsecproxy/
Stig Venaas <venaas@uninett.no> -- 2008.05.14
Stig Venaas <venaas@uninett.no> -- 2008.10.07
......@@ -7,14 +7,18 @@
# Max one of each, below are just multiple examples
#ListenUDP *:1814
#listenUDP localhost
#listenTCP 10.10.10.10:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
#listenTLS 10.10.10.10:2084
#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
# To listen to the default or other Accounting port for UDP you need e.g.
#ListenAccountingUDP *:1813
# To specify a certain address/port for UDP/TLS requests you can use e.g.
#SourceUDP 127.0.0.1:33000
#SourceTCP *:33001
#SourceTCP *:33000
#SourceTLS *:33001
#SourceDTLS *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
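Review bot: The unchanged comment at the top of this hunk, "Max one of each, below are just multiple examples", is stale given the ChangeLog entry in this commit that says "Listen... options can be specified multiple times"; update or drop it so operators do not assume a second Listen line is ignored. The comment "To specify a certain address/port for UDP/TLS requests" also no longer covers the SourceTCP and SourceDTLS lines added beneath it, and the context line "LogDestinatinon" carries a typo that could be fixed while the file is being touched.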
......@@ -51,6 +55,8 @@ tls default {
CertificateKeyPassword "follow the white rabbit"
# Optionally enable CRL checking
# CRLCheck on
# Optionally specify how long CAs and CRLs are cached, default forever
# CacheExpiry 3600
}
#If you want one cert for all clients and another for all servers, use
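Review bot: The new CacheExpiry comment does not state the unit of "3600", and it does not connect the option to the CRLCheck line directly above it. Since the comment gives the default as "forever", a proxy running with CRLCheck on and no CacheExpiry keeps using the CRLs it cached, which is the case the ChangeLog calls out ("particularly useful for regularly updating CRLs"). Suggest stating the unit and adding a line recommending that CacheExpiry be set whenever CRLCheck is enabled.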
......@@ -72,6 +78,14 @@ tls default {
#To treat local users separately you might try first specifying "@"
#and after that "*".
# Configure a rewrite block if you want to add/remove/modify attributes
# rewrite example {
# removeAttribute 5
# removeVendorAttribute 99:100
# addAttribute 4 attribute%20value
# modifyAttribute 1:/^(.*)@local$/$1@example.com/
# }
client 2001:db8::1 {
type tls
secret verysecret
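Review bot: The rewrite example gives no hint of what its values mean: the bare numbers in "removeAttribute 5" and "addAttribute 4 attribute%20value", the "99:100" pair, the "%20" escape and the "1:/regex/replacement/" form of modifyAttribute are all left for the reader to guess. A short comment per line (attribute number, vendor:subattribute, how spaces are written, which attribute the regex is applied to) would make the example safe to copy, which matters here because modifyAttribute as shown rewrites the realm part of a value.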
......@@ -84,15 +98,31 @@ client 2001:db8::1 {
client 127.0.0.1 {
type udp
secret secret
# Might do rewriting of incoming messages using rewrite block example
# rewriteIn example
# Can also do rewriting of outgoing messages
# rewriteOut example
}
client 127.0.0.1 {
type tcp
secret secret
}
client radius.example.com {
type TLS
type tls
# secret is optional for TLS
}
client radius.example.com {
type dtls
# secret is optional for DTLS
}
server 127.0.0.1 {
type UDP
secret secret
# Might do rewriting of incoming messages using rewrite block example
# rewriteIn example
# Can also do rewriting of outgoing messages
# rewriteOut example
}
realm eduroam.cc {
server 127.0.0.1
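Review bot: The "rewriteIn example" and "rewriteOut example" lines in the client and server blocks refer to the rewrite block named example, but that block is itself commented out where it is introduced earlier in the file. Say in the comment that the rewrite block must be uncommented as well, otherwise someone enabling only "rewriteIn example" references a block that does not exist. Minor: the client block is changed from "type TLS" to "type tls" while "type UDP" in server 127.0.0.1 keeps the upper-case form; pick one spelling for the example file.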
......@@ -116,6 +146,12 @@ server radius.example.com {
StatusServer on
# statusserver is optional, can be on or off. Off is default
}
#server radius.example.com {
# type dtls
# secret verysecret
# StatusServer on
## statusserver is optional, can be on or off. Off is default
#}
# Equivalent to example.com
realm /@example\.com$ {
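Review bot: The added dtls server block is commented out with no explanation, and it reuses the name radius.example.com of the server block that ends just above it. Add a one-line comment saying it is an alternative to the preceding block rather than an addition, and use a single "#" on the statusserver comment instead of "##". The block also sets "secret verysecret" while the dtls client block in this commit says "secret is optional for DTLS"; note here whether the same holds for servers.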
......