--- /dev/null
+#
+# Configuration file for the rlm_attr_filter module.
+# Please see rlm_attr_filter(5) manpage for more information.
+#
+# $Id$
+#
+# This configuration file is used to remove almost all of the
+# attributes From an Access-Challenge message. The RFC's say
+# that an Access-Challenge packet can contain only a few
+# attributes. We enforce that here.
+#
+DEFAULT
+ EAP-Message =* ANY,
+ State =* ANY,
+ Message-Authenticator =* ANY,
+ Reply-Message =* ANY,
+ Proxy-State =* ANY,
+ Session-Timeout =* ANY,
+ Idle-Timeout =* ANY
attrsfile = ${confdir}/attrs.access_reject
}
+# Enforce RFC requirements on the contents of Access-Reject
+# packets. See the comments at the top of the file for
+# more details.
+#
+attr_filter attr_filter_access_challenge {
+ key = %{User-Name}
+ attrsfile = ${confdir}/attrs.access_challenge
+}
+
+
# Enforce RFC requirements on the contents of the
# Accounting-Response packets. See the comments at the
# top of the file for more details.