
4.1.3 auth statement

Syntax:

 
auth {
        listen ( addr-list | no ); 
        forward addr-list; 
        port number ; 
        max-requests number ; 
        time-to-live number ; 
        request-cleanup-delay number ; 
        detail bool ; 
        strip-names bool ; 
        checkrad-assume-logged bool ; 
        password-expire-warning number ; 
        compare-attribute-flag character ; 
        trace-rules bool ; 
        reject-malformed-names bool ; 
} ;

Usage:

The auth statement configures the parameters of the authentication service.

listen statement

This statement determines on which addresses radiusd will listen for incoming authentication requests. Its argument is a comma-separated list of items in the form ip:port-number. ip can be either an IP address in familiar “dotted-quad” notation or a hostname. The :port-number part may be omitted, in which case the default authentication port is assumed.

If the listen statement is omitted, radiusd will accept incoming requests from any interface on the machine.

The special value no disables listening for authentication requests.

The following example configures radiusd to listen for incoming requests on the default authentication port on address 10.10.10.1 and on port 1645 on address 10.10.11.2.

 
listen 10.10.10.1, 10.10.11.2:1645;

forward statement

This statement enables forwarding of requests to the given set of servers. Forwarding is an experimental feature of GNU Radius. It differs from proxying in that the requests are sent to the remote server (or servers) and processed locally. The remote server is not expected to reply.

This mode is intended primarily for debugging purposes. It could also be useful in some very complex and unusual configurations.

Numeric statements

port

Sets the UDP port number on which to listen for authentication requests.

max-requests

Sets the maximum number of authentication requests in the queue. Any surplus requests will be discarded.

time-to-live

Sets the request time-to-live in seconds. The time-to-live is the time to wait for the completion of the request. If the request job is not completed within this interval, it is cleared, the corresponding child process is killed, and the request is removed from the queue.

request-cleanup-delay

Sets the request cleanup delay in seconds, i.e. determines how long a completed authentication request will reside in the queue.

password-expire-warning

Sets the time interval for the password expiration warning. If the user's password expires within the given number of seconds, radiusd will send a warning along with the authentication-acknowledge response. Default is 0.

Boolean statements

detail

When set to true, radiusd will produce a detailed log of each received packet in the file ‘radacct/nasname/detail.auth’. The format of such log files is identical to the format of detailed accounting files (see section Detailed Request Accounting).

strip-names

Determines whether radiusd should strip any prefixes/suffixes off the username before logging.

checkrad-assume-logged

See section mlc statement, for the description of this setting. It is accepted in auth for compatibility with previous versions of GNU Radius.

trace-rules

Enables tracing of the configuration rules that were matched during processing of each received authentication request. See section Rule Tracing, for detailed information about this mode.

reject-malformed-names

Enables sending access-reject replies for the access-accept requests that contain an invalid value in the User-Name attribute. By default, such requests are discarded without answering. See the description of username-chars (see section Option statement).

Character statement

compare-attribute-flag

The argument to this statement is a character from ‘1’ through ‘9’. This statement modifies the request comparison method for authentication requests. See section Extended Comparison, for a detailed description of its usage.
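
Example: reviewing an auth block

The following Python script is an added example, not part of the GNU Radius manual or source. It reads an auth block, lists the endpoints it will listen on, and reports the settings described above that an operator would want to review (an omitted listen, forward, detail, trace-rules). The accepted bool spellings, the 1812 default port, and the use of the port statement as the default for listen items without :port-number are assumptions.

```python
import re

# Assumptions (not from the page): accepted spellings of a true bool, and 1812
# (the RFC 2865 port) as the default authentication port.
TRUE_WORDS = {"yes", "true", "on", "1"}
DEFAULT_AUTH_PORT = 1812

def parse_auth(config_text):
    """Return {keyword: value} for the statements inside auth { ... } ;"""
    block = re.search(r"\bauth\s*\{(.*?)\}\s*;", config_text, re.S)
    if block is None:
        raise ValueError("no auth statement found")
    settings = {}
    for statement in block.group(1).split(";"):
        words = statement.split(None, 1)
        if len(words) == 2:
            settings[words[0]] = words[1].strip()
    return settings

def audit_auth(config_text):
    """Return (endpoints, findings) for one auth block."""
    s = parse_auth(config_text)
    # Assumption: the port statement is the default for listen items.
    port = int(s.get("port", DEFAULT_AUTH_PORT))
    findings, endpoints = [], []
    listen = s.get("listen")
    if listen is None:
        endpoints.append(("*", port))
        findings.append(("listen", "omitted: requests accepted on any interface"))
    elif listen != "no":
        for item in listen.split(","):
            host, sep, item_port = item.strip().partition(":")
            endpoints.append((host, int(item_port) if sep else port))
    if "forward" in s:
        findings.append(("forward", "requests also sent to " + s["forward"]))
    if s.get("detail", "").lower() in TRUE_WORDS:
        findings.append(("detail", "every received packet logged to detail.auth"))
    if s.get("trace-rules", "").lower() in TRUE_WORDS:
        findings.append(("trace-rules", "matched rules traced for every request"))
    return endpoints, findings

# Constructed sample configurations (not taken from a real deployment).
LOOSE = "auth {\n        port 1645;\n        forward 192.0.2.7;\n        detail yes;\n} ;"
BOUND = "auth {\n        listen 10.10.10.1, 10.10.11.2:1645;\n        max-requests 127;\n} ;"

if __name__ == "__main__":
    for name, text in (("LOOSE", LOOSE), ("BOUND", BOUND)):
        print(name, audit_auth(text))
```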



This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.