Commit ad2e513b authored by venaas's avatar venaas Committed by venaas

preparing for release of 1.1

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@326 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent 5c3072c3
...@@ -17,3 +17,10 @@ ...@@ -17,3 +17,10 @@
Supports multiple client blocks for same source address with different Supports multiple client blocks for same source address with different
certificate checks certificate checks
Removed weekday from log timestamps Removed weekday from log timestamps
2008-07-24 1.1
Logging stationid attribute
Added LoopPrevention option
Failover also without status-server
Options for RetryCount and RetryInterval
Working accounting and AccountingResponse option
CRL checking and option for enabling it
#Master config file, must be in /etc/radsecproxy or proxy's current directory #Master config file, must be in /etc/radsecproxy or specified with -c option
# All possible config options are listed below # All possible config options are listed below
# First you may define any global options, these are: # First you may define any global options, these are:
...@@ -9,6 +9,12 @@ ...@@ -9,6 +9,12 @@
#listenUDP localhost #listenUDP localhost
#listenTCP 10.10.10.10:2084 #listenTCP 10.10.10.10:2084
#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084 #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
# To listen to the default or other Accounting port for UDP you need e.g.
#ListenAccountingUDP *:1813
# To specify a certain address/port for UDP/TLS requests you can use e.g.
#SourceUDP 127.0.0.1:33000
#SourceTCP *:33001
# Optional log level. 3 is default, 1 is less, 4 is more # Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3 #LogLevel 3
#Optional LogDestinatinon, else stderr used for logging #Optional LogDestinatinon, else stderr used for logging
...@@ -20,6 +26,9 @@ ...@@ -20,6 +26,9 @@
#LogDestination x-syslog:/// #LogDestination x-syslog:///
#LogDestination x-syslog:///log_local2 #LogDestination x-syslog:///log_local2
#There is an option for doing some simple loop prevention
#LoopPrevention on
#If we have TLS clients or servers we must define at least one tls block. #If we have TLS clients or servers we must define at least one tls block.
#You can name them whatever you like and then reference them by name when #You can name them whatever you like and then reference them by name when
#specifying clients or servers later. There are however three special names #specifying clients or servers later. There are however three special names
...@@ -40,6 +49,8 @@ tls default { ...@@ -40,6 +49,8 @@ tls default {
CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
# Optionally specify password if key is encrypted (not very secure) # Optionally specify password if key is encrypted (not very secure)
CertificateKeyPassword "follow the white rabbit" CertificateKeyPassword "follow the white rabbit"
# Optionally enable CRL checking
# CRLCheck on
} }
#If you want one cert for all clients and another for all servers, use #If you want one cert for all clients and another for all servers, use
...@@ -85,6 +96,8 @@ server 127.0.0.1 { ...@@ -85,6 +96,8 @@ server 127.0.0.1 {
} }
realm eduroam.cc { realm eduroam.cc {
server 127.0.0.1 server 127.0.0.1
# If also want to use this server for accounting, specify
# accountingServer 127.0.0.1
} }
server 2001:db8::1 { server 2001:db8::1 {
...@@ -110,12 +123,13 @@ realm /@example\.com$ { ...@@ -110,12 +123,13 @@ realm /@example\.com$ {
} }
# One can define a realm without servers, the proxy will then reject # One can define a realm without servers, the proxy will then reject
# and requests matching this. Optionally one can specify ReplyMessage # and requests matching this. Optionally one can specify ReplyMessage
# attribute to be included in the reject message. # attribute to be included in the reject message. One can also use
# # AccountingResponse option to specify that the proxy should send such.
realm /\.com$ { realm /\.com$ {
} }
realm /^anonymous$ { realm /^anonymous$ {
replymessage "No Access" replymessage "No Access"
# AccountingResponse On
} }
# The realm below is equivalent to /.* # The realm below is equivalent to /.*
realm * { realm * {
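Review bot: The new `# CRLCheck on` example in the `tls default` hunk is documented only as "Optionally enable CRL checking", which does not tell an operator that revocation is left unchecked unless the option is set. The ChangeLog entry calls this an "option for enabling it" and the example ships commented out, so a revoked client or server certificate presumably still validates with this configuration as written. I would expand the comment to something like `# Optionally enable CRL checking. Off by default: revoked peer certificates are accepted unless this is set.` It is also worth adding a line on where the CRLs must be installed and what happens when none is found for a CA, once that is confirmed against the TLS verification code, which is not visible on this page.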
......
.TH radsecproxy.conf 5 "14 May 2008" .TH radsecproxy.conf 5 "23 July 2008"
.SH "NAME" .SH "NAME"
radsecproxy.conf - Radsec proxy configuration file radsecproxy.conf - Radsec proxy configuration file
......