matchCertificateAttribute now also supports CN matching
Forwarding of accounting messages, accountingServer option for realms
Supports multiple client blocks for same source address with different
- certificate checks
+ certificate checks
Removed weekday from log timestamps
2008-07-24 1.1
- Logging stationid attribute
- Added LoopPrevention option
- Failover also without status-server
- Options for RetryCount and RetryInterval
- Working accounting and AccountingResponse option
+ Logging stationid attribute
+ Added LoopPrevention option
+ Failover also without status-server
+ Options for RetryCount and RetryInterval
+ Working accounting and AccountingResponse option
CRL checking and option for enabling it
+2008-10-07 1.2
+ listenTCP and sourceTCP options renamed to listenTLS and sourceTLS
+ Old options deprecated but available for backwards compatiblity
+ Logging reply-message attribute from Reject messages
+ Contribution from Arne Schwabe
+ Rewrite blocks have new options addAttribute and modifyAttribute
+ rewriteIn (replacing rewrite) and rewriteOut in client and server
+ blocks for specifying rewrite on input/output. rewrite deprecated
+ but available as an alias for rewriteIn for backwards compatibility.
+ rewritein rewriteout rewrite
+ regular expressions in realms etc can now be more advanced, including
+ use of "or".
+ cacheExpiry option in tls blocks for specifying expiry time for the
+ cache of CA certificates and CRLs. This is particularly useful for
+ regularly updating CRLs.
+ Some logging has been made more informative
+
+Additional features in devel-20081006
+ Support for TCP and DTLS transports (type tcp, type dtls)
+ Listen... options can be specified multiple times
+ Dynamic server discovery
+ DuplicateInterval option in client block for specifying for how
+ long a request/reply shall be stored for duplicate detection
-This is a revision from the radsecproxy 1.2 devel branch.
+This is a revision from the radsecproxy 2.0 devel branch.
radsecproxy is a generic RADIUS proxy that can support various
RADIUS clients over UDP or TLS (RadSec).
For more information, feedback etc. please see the information
at http://software.uninett.no/radsecproxy/
-Stig Venaas <venaas@uninett.no> -- 2008.05.14
+Stig Venaas <venaas@uninett.no> -- 2008.10.07
# Max one of each, below are just multiple examples
#ListenUDP *:1814
#listenUDP localhost
-#listenTCP 10.10.10.10:2084
-#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
+#ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
+#listenTLS 10.10.10.10:2084
+#ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
+#ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
# To listen to the default or other Accounting port for UDP you need e.g.
#ListenAccountingUDP *:1813
# To specify a certain address/port for UDP/TLS requests you can use e.g.
#SourceUDP 127.0.0.1:33000
-#SourceTCP *:33001
+#SourceTCP *:33000
+#SourceTLS *:33001
+#SourceDTLS *:33001
# Optional log level. 3 is default, 1 is less, 4 is more
#LogLevel 3
#Optional LogDestinatinon, else stderr used for logging
CertificateKeyPassword "follow the white rabbit"
# Optionally enable CRL checking
# CRLCheck on
+ # Optionally specify how long CAs and CRLs are cached, default forever
+ # CacheExpiry 3600
}
#If you want one cert for all clients and another for all servers, use
#To treat local users separately you might try first specifying "@"
#and after that "*".
+# Configure a rewrite block if you want to add/remove/modify attributes
+# rewrite example {
+# removeAttribute 5
+# removeVendorAttribute 99:100
+# addAttribute 4 attribute%20value
+# modifyAttribute 1:/^(.*)@local$/$1@example.com/
+# }
+
client 2001:db8::1 {
type tls
secret verysecret
client 127.0.0.1 {
type udp
secret secret
+# Might do rewriting of incoming messages using rewrite block example
+# rewriteIn example
+# Can also do rewriting of outgoing messages
+# rewriteOut example
+}
+client 127.0.0.1 {
+ type tcp
+ secret secret
}
client radius.example.com {
- type TLS
+ type tls
# secret is optional for TLS
}
+client radius.example.com {
+ type dtls
+# secret is optional for DTLS
+}
server 127.0.0.1 {
type UDP
secret secret
+# Might do rewriting of incoming messages using rewrite block example
+# rewriteIn example
+# Can also do rewriting of outgoing messages
+# rewriteOut example
}
realm eduroam.cc {
server 127.0.0.1
StatusServer on
# statusserver is optional, can be on or off. Off is default
}
+#server radius.example.com {
+# type dtls
+# secret verysecret
+# StatusServer on
+## statusserver is optional, can be on or off. Off is default
+#}
# Equivalent to example.com
realm /@example\.com$ {
projects / libradsec.git / commitdiff