Radius 1.2
Hello,
I am pleased to announce the release of GNU Radius 1.2.
GNU Radius is a set of tools for remote user authentication and
accounting. The package includes a server daemon, various client
utilities, and a set of administrator tools.
For more information on Radius, including links to file
downloads, please see the Radius web page: http://www.gnu.org/software/radius
and the Radius project page http://savannah.gnu.org/projects/radius.
GNU Radius is available from ftp://ftp.gnu.org/gnu/radius and
the mirror sites worldwide (see http://www.gnu.org/order/ftp.html
for the list of those).
The MD5 checksums of the files are:
99b5e96118bc79178317eb72819d7027 radius-1.2.tar.bz2
41efba1332ff563e1f88f2aba04d9d24 radius-1.2.tar.gz
The list of user-visible changes follows:
- New features:
  - Support for Status-Server request.
  - Support for Tunnel Protocol (RFC 2865)
  - The main configuration file raddb/config allows specifying
    several Rewrite source files to be loaded instead of the single
    predefined file raddb/rewrite.
  - Arbitrary Rewrite expressions may be used in A/V pairs.
  - Test shell mode considerably improved.
  - The internal attributes do not appear in detailed logs. The
    special flag ‘l’ has been added to the dictionary syntax to turn
    this feature off for selected attributes.
  - Changes to Rewrite language
    - Usual dotted-quad notation may be used to represent IP
      numbers.
    - A number of new built-in functions have been added.
    - New statement `#pragma regexp’ allows altering the type of
      regular expressions used. The rest of the line following `#pragma
      regexp’ must consist of whitespace-separated regexp modifiers.
      Each regexp modifier is one of the following keywords:

        extended   Use extended regular expressions
        icase      Ignore case
        newline    Match-any-character operators don’t match a newline.

      optionally preceded by plus, indicating enabling the feature,
      or minus, indicating disabling it.
      Default is `-extended -icase -newline’.
  - Realms
    - New flags “auth” and “acct” select which type of requests is
      to be proxied to the remote server.
    - New boolean flag “ignorecase”. When set, enables
      case-insensitive comparison for realm names.
  - New configuration file statements
    - radiusd-user <username>
      Instructs radiusd to drop root privileges and to switch to uid /
      gid of the given user right after becoming daemon.
    - forward ip[:port]…
      This statement can be used in `auth’ and `acct’ blocks to
      request forwarding of the requests to remote server or servers. It
      has the same syntax as `listen’ statement. Forwarding differs from
      proxying in that the requests are sent to the remote server
      and processed locally. The remote server is not expected
      to reply. This mode is intended primarily for debugging purposes.
      It could also be useful in some very complex configurations.
    - trace-rules {yes|no}
      Enables tracing of configuration rules matched while processing
      requests. The statement may be used in `auth’ and `acct’
      blocks.
    - reject-malformed-names {yes|no}
      Used in `auth’ block. Setting this option to `yes’ enables
      sending access-reject replies for access-requests that contained
      invalid user names.
    - listen no
      This is a special form of `listen’ statement that disables a
      particular service.
  - The amount of information output in logs is configurable via
    the use of logging-hook rewrite functions. There are two kinds of
    such hooks: prefix hooks that generate text to be displayed before
    the diagnostics message, and suffix hooks that produce text to be
    displayed after it. Such hooks may be global and category-specific,
    the latter overriding the former.
  - File raddb/rewrite is no longer installed. The Rewrite sources
    are installed under $prefix/share/radius/1.2/rewrite.
  - Dictionary
    - Redefinition of an attribute produces a warning message. In
      future releases it will be considered an error.
    - There are two new statements: ALIAS and PROPERTY. ALIAS
      statement defines an alternative name for an attribute. PROPERTY
      redefines the attribute properties.
    - Flag ‘E’ marks attributes encrypted as per RFC 2138.
      Currently these are User-Password and CHAP-Password.
    - Flag ‘F’ marks attribute encrypted as per RFC 2868.
  - Both raddb/naslist and raddb/clients files allow hosts to be
    specified using CIDR notation. The DEFAULT keyword is also
    accepted in both files.
  - Emacs files: Improved radconf-mode.el
- Deprecated features:
  - Explicit use of Add-Port-To-IP-Address is no longer allowed.
- Bugfixes
  - Renamed LIST to RAD_LIST to eliminate possible name clashes
    with the other libraries (namely, libmysqlclient)
  - Choose the strictest timeout value between the one imposed by
    Login-Time attribute and the one set using Session-Timeout
    attribute.
  - Use sigaction for signal handling whenever it is
    available.
  - Fixed coredumps after unsuccessful error recovery in
    raddb/users file.
Regards,
Sergey
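
The kind of privilege drop that the radiusd-user statement describes, shown as an added C example. It is not GNU Radius source code and not part of the original announcement. The function name drop_privileges, its return codes and the default account name "radius" are assumptions made for illustration.

```c
/* Added example, not GNU Radius source: permanent root -> service-user drop. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 on success; -1 unknown user, -2 target is
 * root, -3 a set*id call failed, -4 the drop could not be verified. */
int drop_privileges(const char *username)
{
    struct passwd *pw = getpwnam(username);
    if (pw == NULL)
        return -1;
    if (pw->pw_uid == 0)
        return -2;                   /* "dropping" to uid 0 drops nothing */

    uid_t uid = pw->pw_uid;          /* copy: pw points to static storage */
    gid_t gid = pw->pw_gid;

    /* Order matters: groups and gid can only be changed while still root. */
    if (setgroups(1, &gid) != 0)     /* discard root's supplementary groups */
        return -3;
    if (setgid(gid) != 0)
        return -3;
    if (setuid(uid) != 0)            /* as root: real, effective and saved uid */
        return -3;

    /* Verify the drop is irreversible instead of trusting return codes. */
    if (setuid(0) == 0)
        return -4;                   /* root could be regained */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -4;
    return 0;
}

int main(int argc, char **argv)
{
    /* "radius" is a constructed account name used only as a default. */
    const char *user = argc > 1 ? argv[1] : "radius";
    int rc = drop_privileges(user);
    printf("drop_privileges(%s) = %d\n", user, rc);
    return rc == 0 ? 0 : 1;
}
```

Run without root, the call fails at setgroups() with code -3, which is the expected result for a process that has no privileges to give up.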