1.\" Copyright 1998 Juniper Networks, Inc.
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
--- 8 unchanged lines hidden (view full) ---
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: head/lib/libradius/radius.conf.5 50476 1999-08-28 00:22:10Z peter $
26.\"
27.Dd July 29, 1998
28.Dt RADIUS.CONF 5
29.Os FreeBSD
30.Sh NAME
31.Nm radius.conf
32.Nd RADIUS client configuration file
33.Sh SYNOPSIS
34.Pa /etc/radius.conf
35.Sh DESCRIPTION
36.Nm
37contains the information necessary to configure the RADIUS client
38library. It is parsed by
39.Xr rad_config 3 .
40The file contains one or more lines of text, each describing a
41single RADIUS server which will be used by the library. Leading
42white space is ignored, as are empty lines and lines containing
43only comments.
44.Pp
45A RADIUS server is described by two to four fields on a line. The
46fields are separated by white space. The
47.Ql #
48character at the beginning of a field begins a comment, which extends
49to the end of the line. A field may be enclosed in double quotes,
50in which case it may contain white space and/or begin with the
51.Ql #
52character. Within a quoted string, the double quote character can
53be represented by
54.Ql \e\&" ,
55and the backslash can be represented by
56.Ql \e\e .
57No other escape sequences are supported.
58.Pp
59The first field specifies
60the server host, either as a fully qualified domain name or as a
61dotted-quad IP address. The host may optionally be followed by a
62.Ql \&:
63and a numeric port number, without intervening white space. If the
64port specification is omitted, it defaults to the
65.Ql radius
66service in the
67.Pa /etc/services
68file, or to the standard RADIUS port 1812 if there is no such entry in
69.Pa /etc/services .
70.Pp
71The second field contains the shared secret, which should be known
72only to the client and server hosts. It is an arbitrary string of
73characters, though it must be enclosed in double quotes if it
74contains white space. The shared secret may be
75any length, but the RADIUS protocol uses only the first 128
76characters. N.B., some popular RADIUS servers have bugs which
77prevent them from working properly with secrets longer than 16
78characters.
79.Pp
80The third field contains a decimal integer specifying the timeout in
81seconds for receiving a valid reply from the server. If this field
82is omitted, it defaults to 3 seconds.
83.Pp
84The fourth field contains a decimal integer specifying the maximum
85number of attempts that will be made to authenticate with the server
86before giving up. If omitted, it defaults to 3 attempts. Note,
87this is the total number of attempts and not the number of retries.
88.Pp
89Up to 10 RADIUS servers may be specified. The servers are tried in
90round-robin fashion, until a valid response is received or the
91maximum number of tries has been reached for all servers.
92.Pp
93The standard location for this file is
94.Pa /etc/radius.conf .
95But an alternate pathname may be specified in the call to
96.Xr rad_config 3 .
97Since the file contains sensitive information in the form of the
98shared secrets, it should not be readable except by root.
99.Sh FILES
100.Pa /etc/radius.conf
101.Sh EXAMPLES
102.Bd -literal
103# A simple entry using all the defaults:
104radius1.domain.com OurLittleSecret
105
106# A server still using the obsolete RADIUS port, with increased
107# timeout and maximum tries:
108auth.domain.com:1645 "I can't see you, but I know you're there" 5 4
109
110# A server specified by its IP address:
111192.168.27.81 $X*#..38947ax-+=
112.Ed
113.Sh SEE ALSO
114.Xr libradius 3
115.Rs
116.%A C. Rigney, et al
117.%T Remote Authentication Dial In User Service (RADIUS)
118.%O RFC 2138
119.Re
120.Sh AUTHORS
121This documentation was written by
122.An John Polstra ,
123and donated to the FreeBSD project by Juniper Networks, Inc.
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
--- 8 unchanged lines hidden (view full) ---
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: head/lib/libradius/radius.conf.5 50476 1999-08-28 00:22:10Z peter $
26.\"
27.Dd July 29, 1998
28.Dt RADIUS.CONF 5
29.Os FreeBSD
30.Sh NAME
31.Nm radius.conf
32.Nd RADIUS client configuration file
33.Sh SYNOPSIS
34.Pa /etc/radius.conf
35.Sh DESCRIPTION
36.Nm
37contains the information necessary to configure the RADIUS client
38library. It is parsed by
39.Xr rad_config 3 .
40The file contains one or more lines of text, each describing a
41single RADIUS server which will be used by the library. Leading
42white space is ignored, as are empty lines and lines containing
43only comments.
44.Pp
45A RADIUS server is described by two to four fields on a line. The
46fields are separated by white space. The
47.Ql #
48character at the beginning of a field begins a comment, which extends
49to the end of the line. A field may be enclosed in double quotes,
50in which case it may contain white space and/or begin with the
51.Ql #
52character. Within a quoted string, the double quote character can
53be represented by
54.Ql \e\&" ,
55and the backslash can be represented by
56.Ql \e\e .
57No other escape sequences are supported.
58.Pp
59The first field specifies
60the server host, either as a fully qualified domain name or as a
61dotted-quad IP address. The host may optionally be followed by a
62.Ql \&:
63and a numeric port number, without intervening white space. If the
64port specification is omitted, it defaults to the
65.Ql radius
66service in the
67.Pa /etc/services
68file, or to the standard RADIUS port 1812 if there is no such entry in
69.Pa /etc/services .
70.Pp
71The second field contains the shared secret, which should be known
72only to the client and server hosts. It is an arbitrary string of
73characters, though it must be enclosed in double quotes if it
74contains white space. The shared secret may be
75any length, but the RADIUS protocol uses only the first 128
76characters. N.B., some popular RADIUS servers have bugs which
77prevent them from working properly with secrets longer than 16
78characters.
79.Pp
80The third field contains a decimal integer specifying the timeout in
81seconds for receiving a valid reply from the server. If this field
82is omitted, it defaults to 3 seconds.
83.Pp
84The fourth field contains a decimal integer specifying the maximum
85number of attempts that will be made to authenticate with the server
86before giving up. If omitted, it defaults to 3 attempts. Note,
87this is the total number of attempts and not the number of retries.
88.Pp
89Up to 10 RADIUS servers may be specified. The servers are tried in
90round-robin fashion, until a valid response is received or the
91maximum number of tries has been reached for all servers.
92.Pp
93The standard location for this file is
94.Pa /etc/radius.conf .
95But an alternate pathname may be specified in the call to
96.Xr rad_config 3 .
97Since the file contains sensitive information in the form of the
98shared secrets, it should not be readable except by root.
99.Sh FILES
100.Pa /etc/radius.conf
101.Sh EXAMPLES
102.Bd -literal
103# A simple entry using all the defaults:
104radius1.domain.com OurLittleSecret
105
106# A server still using the obsolete RADIUS port, with increased
107# timeout and maximum tries:
108auth.domain.com:1645 "I can't see you, but I know you're there" 5 4
109
110# A server specified by its IP address:
111192.168.27.81 $X*#..38947ax-+=
112.Ed
113.Sh SEE ALSO
114.Xr libradius 3
115.Rs
116.%A C. Rigney, et al
117.%T Remote Authentication Dial In User Service (RADIUS)
118.%O RFC 2138
119.Re
120.Sh AUTHORS
121This documentation was written by
122.An John Polstra ,
123and donated to the FreeBSD project by Juniper Networks, Inc.