X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf.5.xml;h=bfc701e72abb4ce6a6ccbdd6625300ac308f2779;hb=a35931ff6bf382ace123d2649e1a660c522a640c;hp=406f2bf4dec82a931385bf4b3b9569510a213c62;hpb=1080f966ba0fa083696b22f5d8095de49ce9730a;p=libradsec.git
diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml
index 406f2bf..bfc701e 100644
--- a/radsecproxy.conf.5.xml
+++ b/radsecproxy.conf.5.xml
@@ -98,7 +98,7 @@ blocktype name {
There is one special option that can be used both as a basic
option and inside all blocks. That is the option
- include where the value specifies files to be
+ Include where the value specifies files to be
included. The value can be a single file, or it can use normal
shell globbing to specify multiple files, e.g.:
@@ -110,7 +110,7 @@ blocktype name {
the order they are specified, when reaching the end of a file,
the next file is read. When reaching the end of the last
included file, the proxy returns to read the next line following
- the include option. Included files may again
+ the Include option. Included files may again
include other files.
@@ -126,7 +126,7 @@ blocktype name {
- logLevel
+ LogLevel
This option specifies the debug level. It must be set to
@@ -138,7 +138,7 @@ blocktype name {
- logDestination
+ LogDestination
This specifies where the log messages should go. By
@@ -168,8 +168,64 @@ blocktype name {
+
- listenUDP
+ FTicksReporting
+
+
+ The FTicksReporting option is used to enable F-Ticks
+ logging and can be set to None,
+ Basic or Full. Its
+ default value is None.
+
+ See radsecproxy.conf-example for
+ details. Note that radsecproxy has to be configured with
+ support for F-Ticks (--enable-fticks)
+ for this option to have any effect.
+
+
+
+
+
+ FTicksMAC
+
+
+ The FTicksMAC option can be used to control if and how
+ Calling-Station-Id is being logged. It can be set to one
+ of Static, Original,
+ VendorHashed,
+ VendorKeyHashed,
+ FullyHashed or
+ FullyKeyHashed.
+
+ Its default value is Static.
+
+ See radsecproxy.conf-example for
+ details. Note that radsecproxy has to be configured with
+ support for F-Ticks (--enable-fticks)
+ for this option to have any effect.
+
+
+
+
+
+ FTicksKey
+
+
+ The FTicksKey option is used to specify the key to use
+ when producing HMAC's as an effect of specifying
+ VendorKeyHashed or FullyKeyHashed for the FTicksMAC
+ option.
+
+ Note that radsecproxy has to be configured with support
+ for F-Ticks (--enable-fticks) for this
+ option to have any effect.
+
+
+
+
+
+ ListenUDP
Normally the proxy will listen to the standard RADIUS UDP
@@ -194,10 +250,10 @@ blocktype name {
- listenTCP
+ ListenTCP
- This option is similar to the listenUDP
+ This option is similar to the ListenUDP
option, except that it is used for receiving connections
from TCP clients. The default port number is
1812.
@@ -205,22 +261,22 @@ blocktype name {
- listenTLS
+ ListenTLS
- This is similar to the listenUDP
+ This is similar to the ListenUDP
option, except that it is used for receiving connections
from TLS clients. The default port number is
2083. Note that this option was
- previously called listenTCP.
+ previously called ListenTCP.
- listenDTLS
+ ListenDTLS
- This is similar to the listenUDP
+ This is similar to the ListenUDP
option, except that it is used for receiving connections
from DTLS clients. The default port number is
2083.
@@ -228,7 +284,7 @@ blocktype name {
- sourceUDP
+ SourceUDP
This can be used to specify source address and/or source
@@ -238,7 +294,7 @@ blocktype name {
- sourceTCP
+ SourceTCP
This can be used to specify source address and/or source
@@ -247,7 +303,7 @@ blocktype name {
- sourceTLS
+ SourceTLS
This can be used to specify source address and/or source
@@ -256,7 +312,7 @@ blocktype name {
- sourceDTLS
+ SourceDTLS
This can be used to specify source address and/or source
@@ -278,13 +334,13 @@ blocktype name {
- addTTL
+ AddTTL
If a TTL attribute is present, the proxy will decrement
the value and discard the message if zero. Normally the
proxy does nothing if no TTL attribute is present. If you
- use the addTTL option with a value 1-255, the proxy will
+ use the AddTTL option with a value 1-255, the proxy will
when forwarding a message with no TTL attribute, add one
with the specified value. Note that this option can also
be specified for a client/server. It will then override
@@ -294,7 +350,7 @@ blocktype name {
- loopPrevention
+ LoopPrevention
This can be set to on or
@@ -310,7 +366,7 @@ blocktype name {
- include
+ Include
This is not a normal configuration option; it can be
@@ -386,9 +442,9 @@ blocktype name {
secret, tls,
certificateNameCheck,
matchCertificateAttribute,
- duplicateInterval, addTTL,
- rewrite, rewriteIn,
- rewriteOut and
+ duplicateInterval, AddTTL,
+ fticksVISCOUNTRY, rewrite,
+ rewriteIn, rewriteOut, and
rewriteAttribute.
We already discussed the host option. The
@@ -438,12 +494,17 @@ blocktype name {
one), or returned a copy of the previous reply.
- The addTTL option is similar to the
- addTTL option used in the basic config. See
+ The AddTTL option is similar to the
+ AddTTL option used in the basic config. See
that for details. Any value configured here overrides the basic
one when sending messages to this client.
+ The fticksVISCOUNTRY option configures
+ clients eligible to F-Ticks logging as defined by the
+ FTicksReporting basic option.
+
+
The rewrite option is deprecated. Use
rewriteIn instead.
@@ -525,12 +586,12 @@ blocktype name {
type, secret,
tls, certificateNameCheck,
matchCertificateAttribute,
- addTTL, rewrite,
+ AddTTL, rewrite,
rewriteIn, rewriteOut,
statusServer, retryCount,
retryInterval,
dynamicLookupCommand and
- loopPrevention.
+ LoopPrevention.
We already discussed the host option. The
@@ -539,7 +600,7 @@ blocktype name {
secret, tls,
certificateNameCheck,
matchCertificateAttribute,
- addTTL, rewrite,
+ AddTTL, rewrite,
rewriteIn and rewriteOut
are just as specified for the client block
above, except that defaultServer (and not
@@ -570,7 +631,7 @@ blocktype name {
documented separately/later.
- Using the loopPrevention option here
+ Using the LoopPrevention option here
overrides any basic setting of this option. See section
BASIC OPTIONS for details on this option.