Diffstat (limited to 'lib/libradius/radius.conf.5')
1 files changed, 123 insertions, 0 deletions
diff --git a/lib/libradius/radius.conf.5 b/lib/libradius/radius.conf.5
new file mode 100644
@@ -0,0 +1,123 @@
+.\" Copyright 1998 Juniper Networks, Inc.
+.\" All rights reserved.
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.Dd July 29, 1998
+.Dt RADIUS.CONF 5
+.Nd RADIUS client configuration file
+contains the information necessary to configure the RADIUS client
+library. It is parsed by
+.Xr rad_config 3 .
+The file contains one or more lines of text, each describing a
+single RADIUS server which will be used by the library. Leading
+white space is ignored, as are empty lines and lines containing
+A RADIUS server is described by two to four fields on a line. The
+fields are separated by white space. The
+character at the beginning of a field begins a comment, which extends
+to the end of the line. A field may be enclosed in double quotes,
+in which case it may contain white space and/or begin with the
+character. Within a quoted string, the double quote character can
+be represented by
+.Ql \e\&" ,
+and the backslash can be represented by
+.Ql \e\e .
+No other escape sequences are supported.
+The first field specifies
+the server host, either as a fully qualified domain name or as a
+dotted-quad IP address. The host may optionally be followed by a
+and a numeric port number, without intervening white space. If the
+port specification is omitted, it defaults to the
+service in the
+file, or to the standard RADIUS port 1812 if there is no such entry in
+.Pa /etc/services .
+The second field contains the shared secret, which should be known
+only to the client and server hosts. It is an arbitrary string of
+characters, though it must be enclosed in double quotes if it
+contains white space. The shared secret may be
+any length, but the RADIUS protocol uses only the first 128
+characters. N.B., some popular RADIUS servers have bugs which
+prevent them from working properly with secrets longer than 16
+The third field contains a decimal integer specifying the timeout in
+seconds for receiving a valid reply from the server. If this field
+is omitted, it defaults to 3 seconds.
+The fourth field contains a decimal integer specifying the maximum
+number of attempts that will be made to authenticate with the server
+before giving up. If omitted, it defaults to 3 attempts. Note,
+this is the total number of attempts and not the number of retries.
+Up to 10 RADIUS servers may be specified. The servers are tried in
+round-robin fashion, until a valid response is received or the
+maximum number of tries has been reached for all servers.
+The standard location for this file is
+.Pa /etc/radius.conf .
+But an alternate pathname may be specified in the call to
+.Xr rad_config 3 .
+Since the file contains sensitive information in the form of the
+shared secrets, it should not be readable except by root.
+# A simple entry using all the defaults:
+# A server still using the obsolete RADIUS port, with increased
+# timeout and maximum tries:
+auth.domain.com:1645 "I can't see you, but I know you're there" 5 4
+# A server specified by its IP address:
+.Sh SEE ALSO
+.Xr libradius 3
+.%A C. Rigney, et al
+.%T Remote Authentication Dial In User Service (RADIUS)
+.%O RFC 2138
+This documentation was written by
+.An John Polstra ,
+and donated to the FreeBSD project by Juniper Networks, Inc.