Commit ad2e513b authored by venaas's avatar venaas Committed by venaas

preparing for release of 1.1

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@326 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 5c3072c3
......@@ -17,3 +17,10 @@
Supports multiple client blocks for same source address with different
certificate checks
Removed weekday from log timestamps
2008-07-24 1.1
Logging stationid attribute
Added LoopPrevention option
Failover also without status-server
Options for RetryCount and RetryInterval
Working accounting and AccountingResponse option
CRL checking and option for enabling it
#Master config file, must be in /etc/radsecproxy or proxy's current directory
#Master config file, must be in /etc/radsecproxy or specified with -c option
# All possible config options are listed below
# First you may define any global options, these are:
......@@ -9,6 +9,12 @@
#listenUDP localhost
#listenTCP 10.10.10.10:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
# To listen to the default or other Accounting port for UDP you need e.g.
#ListenAccountingUDP *:1813
# To specify a certain address/port for UDP/TLS requests you can use e.g.
#SourceUDP 127.0.0.1:33000
#SourceTCP *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
......@@ -20,6 +26,9 @@
#LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2
#There is an option for doing some simple loop prevention
#LoopPrevention on
#If we have TLS clients or servers we must define at least one tls block.
#You can name them whatever you like and then reference them by name when
#specifying clients or servers later. There are however three special names
......@@ -40,6 +49,8 @@ tls default {
CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
# Optionally specify password if key is encrypted (not very secure)
CertificateKeyPassword "follow the white rabbit"
# Optionally enable CRL checking
# CRLCheck on
}
#If you want one cert for all clients and another for all servers, use
......@@ -85,6 +96,8 @@ server 127.0.0.1 {
}
realm eduroam.cc {
server 127.0.0.1
# If also want to use this server for accounting, specify
# accountingServer 127.0.0.1
}
server 2001:db8::1 {
......@@ -110,12 +123,13 @@ realm /@example\.com$ {
}
# One can define a realm without servers, the proxy will then reject
# and requests matching this. Optionally one can specify ReplyMessage
# attribute to be included in the reject message.
#
# attribute to be included in the reject message. One can also use
# AccountingResponse option to specify that the proxy should send such.
realm /\.com$ {
}
realm /^anonymous$ {
replymessage "No Access"
# AccountingResponse On
}
# The realm below is equivalent to /.*
realm * {
......
.TH radsecproxy.conf 5 "14 May 2008"
.TH radsecproxy.conf 5 "23 July 2008"
.SH "NAME"
radsecproxy.conf - Radsec proxy configuration file
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment