4 # Example configuration for ABFAB listening on TLS.
16 clients = radsec-abfab
18 private_key_password = whatever
21 private_key_password = whatever
24 # Moonshot tends to distribute certs separate from keys
25 private_key_file = ${certdir}/server.key
26 certificate_file = ${certdir}/server.pem
27 ca_file = ${cadir}/ca.pem
28 dh_file = ${certdir}/dh
31 cipher_list = "DEFAULT"
39 require_client_cert = yes
42 psk_query = "%{psksql:select hex(key) from psk_keys where keyid = '%{tls-psk-identity}';}"
44 virtual_server = abfab-idp
46 clients radsec-abfab {
60 require_client_cert = yes
64 psk_query = "%{psksql:select hex(key) from psk_keys where keyid = '%{TLS-PSK-Udentity}'}"
67 virtual_server = abfab-idp
69 clients = radsec-abfab
72 clients radsec-abfab {
74 # Allow all clients, but require TLS.