raddb/sites-available/abfab-tls

   1 <<<<<<< HEAD
   2 =======
   3 #
   4 #       Example configuration for ABFAB listening on TLS.
   5 #
   6 #       $Id$
   7 #
   8 >>>>>>> v3.0.x
   9 listen {
  10         ipaddr = *
  11         port = 2083
  12         type = auth
  13         proto = tcp
  14
  15 <<<<<<< HEAD
  16         clients = radsec-abfab
  17         tls {
  18                 private_key_password = whatever
  19 =======
  20         tls {
  21                 private_key_password = whatever
  22
  23 >>>>>>> v3.0.x
  24                 # Moonshot tends to distribute certs separate from keys
  25                 private_key_file = ${certdir}/server.key
  26                 certificate_file = ${certdir}/server.pem
  27                 ca_file = ${cadir}/ca.pem
  28                 dh_file = ${certdir}/dh
  29                 fragment_size = 8192
  30                 ca_path = ${cadir}
  31                 cipher_list = "DEFAULT"
  32 <<<<<<< HEAD
  33                 cache {
  34                   enable = no
  35                   lifetime = 24 # hours
  36                   max_entries = 255
  37                   }
  38
  39                   require_client_cert = yes
  40                   verify {
  41         }
  42                   psk_query = "%{psksql:select hex(key) from psk_keys where keyid = '%{tls-psk-identity}';}"
  43                 }
  44         virtual_server = abfab-idp
  45 }
  46         clients radsec-abfab {
  47                 client default {
  48                         ipaddr = 0.0.0.0/0
  49
  50                         proto = tls
  51
  52 =======
  53
  54                 cache {
  55                         enable = no
  56                         lifetime = 24 # hours
  57                         max_entries = 255
  58                 }
  59
  60                 require_client_cert = yes
  61                 verify {
  62                 }
  63
  64                 psk_query = "%{psksql:select hex(key) from psk_keys where keyid = '%{TLS-PSK-Udentity}'}"
  65         }
  66
  67         virtual_server = abfab-idp
  68
  69         clients = radsec-abfab
  70 }
  71
  72 clients radsec-abfab {
  73         #
  74         #  Allow all clients, but require TLS.
  75         #
  76         client default {
  77                 ipaddr = 0.0.0.0/0
  78                 proto = tls
  79 >>>>>>> v3.0.x
  80         }
  81 }