~ubuntu-branches/ubuntu/natty/freeradius/natty-updates


Viewing changes to raddb/eap.conf

  • Committer: Bazaar Package Importer
  • Author(s): Josip Rodin
  • Date: 2009-11-23 03:57:37 UTC
  • mfrom: (1.2.1 upstream)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: james.westby@ubuntu.com-20091123035737-zsgtzhfych8hir68
Tags: 2.1.7+dfsg-1
* Adopting the package, closes: #536623.
* New upstream version, closes: #513484.
  + Fixes the blooper in unlang evaluation logic, closes: #526175.
* Used quilt (and added README.source), and moved upstream file patching
  into debian/patches/. The source is no longer in collab-maint git
  (to make it simpler for me to finally get this out the door), but
  kept the .gitignore should we need that again.
* Dropped the dialup_admin/bin/backup_radacct patch (integrated upstream).
* Dropped the raddb/Makefile patch (problem no longer exists upstream).
* Dropped the lib/packet.c lib/radius.c main/listen.c patches (was from
  upstream 2.0.5 anyway).
* Dropped references to otp.conf, it no longer exists upstream.
  Keep removing the conffile statoverride in prerm.
* Dropped references to snmp.conf, it no longer exists upstream.
  Keep removing the conffile statoverride in prerm.
* Ship /etc/freeradius/modules/* in the freeradius package.
* Stop shipping sites-enabled symlinks in the package and instead create
  them only on initial install, thanks to Matej Vela, closes: #533396.
* Add export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" to the init script
  at the request of John Morrissey, closes: #550143.
* Stop installing /var/run/freeradius in the package to silence Lintian.
  The init script already recreates it at will.
* Remove executable bit from example.pl to silence Lintian.

2
2
##
3
3
##  eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.)
4
4
##
5
 
##      $Id: eap.conf,v 1.24 2008/02/26 09:32:29 aland Exp $
 
5
##      $Id$
6
6
 
7
7
#######################################################################
8
8
#
58
58
                # zero byte.
59
59
                cisco_accounting_username_bug = no
60
60
 
 
61
                #
 
62
                #  Help prevent DoS attacks by limiting the number of
 
63
                #  sessions that the server is tracking.  Most systems
 
64
                #  can handle ~30 EAP sessions/s, so the default limit
 
65
                #  of 2048 is more than enough.
 
66
                max_sessions = 2048
 
67
 
61
68
                # Supported EAP-types
62
69
 
63
70
                #
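Review bot: the comment added above max_sessions justifies 2048 with a rate (~30 EAP sessions/s), while the setting itself is a count of sessions being tracked, and it does not say what the server does once that count is reached. How the rate and the count relate depends on how long a session stays tracked, which the comment leaves out. Suggest stating what happens to a new session at the limit (refused, or an older one dropped) so an operator can judge whether 2048 fits their load.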
251
258
                        #  initial deployments easier.
252
259
                        #
253
260
                        make_cert_command = "${certdir}/bootstrap"
 
261
 
 
262
                        #
 
263
                        #  Session resumption / fast reauthentication
 
264
                        #  cache.
 
265
                        #
 
266
                        cache {
 
267
                              #
 
268
                              #  Enable it.  The default is "no".
 
269
                              #  Deleting the entire "cache" subsection
 
270
                              #  Also disables caching.
 
271
                              #
 
272
                              #  You can disallow resumption for a
 
273
                              #  particular user by adding the following
 
274
                              #  attribute to the control item list:
 
275
                              #
 
276
                              #         Allow-Session-Resumption = No
 
277
                              #
 
278
                              #  If "enable = no" below, you CANNOT
 
279
                              #  enable resumption for just one user
 
280
                              #  by setting the above attribute to "yes".
 
281
                              #
 
282
                              enable = no
 
283
 
 
284
                              #
 
285
                              #  Lifetime of the cached entries, in hours.
 
286
                              #  The sessions will be deleted after this
 
287
                              #  time.
 
288
                              #
 
289
                              lifetime = 24 # hours
 
290
 
 
291
                              #
 
292
                              #  The maximum number of entries in the
 
293
                              #  cache.  Set to "0" for "infinite".
 
294
                              #
 
295
                              #  This could be set to the number of users
 
296
                              #  who are logged in... which can be a LOT.
 
297
                              #
 
298
                              max_entries = 255
 
299
                        }
254
300
                }
255
301
 
256
302
                #  The TTLS module implements the EAP-TTLS protocol,
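Review bot: in the cache block, the max_entries comment offers "0" for "infinite" without noting that this leaves the resumption cache unbounded, which sits oddly beside the max_sessions limit this same change adds to help prevent DoS; it also does not say what happens once the 255 entries are used up. Suggest documenting the behaviour at the limit and cautioning against 0. Separately, lifetime = 24 keeps resumable sessions for a full day and the only per-user control the comment documents is Allow-Session-Resumption = No, so a sentence on whether a user disabled within that lifetime can still resume would help. Minor: "Also disables caching" capitalises mid-sentence.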
324
370
                        #  outer requests.
325
371
                        #
326
372
                        virtual_server = "inner-tunnel"
 
373
 
 
374
                        #  This has the same meaning as the
 
375
                        #  same field in the "tls" module, above.
 
376
                        #  The default value here is "yes".
 
377
                #       include_length = yes
327
378
                }
328
379
 
329
380
                ##################################################
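Review bot: the commented-out include_length line puts its "#" at the column of the closing brace, while the three comment lines introducing it sit at the indentation of virtual_server, so the setting reads as if it belonged outside the block. Suggest aligning the "#" with the comment lines above it, and adding the empty "#" separator lines that the other comments added in this change use around their descriptions.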
370
421
                #  require a client certificate.
371
422
                #
372
423
                #
373
 
                #  You can make TTLS require a client cert by setting
 
424
                #  You can make PEAP require a client cert by setting
374
425
                #
375
426
                #       EAP-TLS-Require-Client-Cert = Yes
376
427
                #