---

Release Digest: GNU, December 8, 2003

Radius 1.2

Hello,

I am pleased to announce the release of GNU Radius 1.2.

GNU Radius is a set of tools for remote user authentication and
accounting. The package includes a server daemon, various client
utilities, and a set of administrator tools.

For more information on Radius, including links to file
downloads, please see the Radius web page: http://www.gnu.org/software/radius
and the Radius project page http://savannah.gnu.org/projects/radius.

GNU Radius is available from ftp://ftp.gnu.org/gnu/radius and
the mirror sites worldwide (see http://www.gnu.org/order/ftp.html
for the list of those).

The MD5 checksums of the files are:

99b5e96118bc79178317eb72819d7027 radius-1.2.tar.bz2
41efba1332ff563e1f88f2aba04d9d24 radius-1.2.tar.gz

The list of user-visible changes follows:

  • New features:
    • Support for Status-Server request.
    • Support for Tunnel Protocol (RFC 2865)
    • The main configuration file raddb/config allows specifying
      several Rewrite source files to be loaded instead of the single
      predefined file raddb/rewrite.
    • Arbitrary Rewrite expressions may be used in A/V pairs.
    • Test shell mode considerably improved.
    • The internal attributes do not appear in detailed logs. The
      special flag ‘l’ has been added to the dictionary syntax to turn
      this feature off for selected attributes.
    • Changes to Rewrite language
      • Usual dotted-quad notation may be used to represent IP
        numbers.
      • A number of new built-in functions is added.
      • New statement `#pragma regexp’ allows altering the type of
        regular expressions used. The rest of the line following `#pragma
        regexp’ must consist of whitespace-separated regexp modifiers. Each
        regexp modifier is one of the following keywords:

        extended Use extended regular expressions
        icase Ignore case
        newline Match-any-character operators don’t match a newline.

        optionally preceded by a plus, indicating enabling the feature,
        or a minus, indicating disabling it.

        Default is `-extended -icase -newline’.

  • Realms
    • New flags “auth” and “acct” allow selecting which type of
      requests is to be proxied to the remote server.
    • New boolean flag “ignorecase”. When set, enables
      case-insensitive comparison for realm names.
  • New configuration file statements
    • radiusd-user <username>

      Instructs radiusd to drop root privileges and to switch to uid /
      gid of the given user right after becoming daemon.

    • forward ip[:port]…

      This statement can be used in `auth’ and `acct’ blocks to
      request forwarding of the requests to remote server or servers. It
      has the same syntax as `listen’ statement. Forwarding differs from
      proxying in that the requests are sent to the remote server
      and processed locally. The remote server is not expected
      to reply. This mode is intended primarily for debugging purposes.
      It could also be useful in some very complex configurations.

    • trace-rules {yes|no}

      Enables tracing of configuration rules matched while processing
      requests. The statement may be used in `auth’ and `acct’
      blocks.

    • reject-malformed-names {yes|no}

      Used in `auth’ block. Setting this option to `yes’ enables
      sending access-reject replies for access-requests that contained
      invalid user names.

    • listen no

      This is a special form of `listen’ statement that disables a
      particular service.

  • The amount of information output in logs is configurable via
    the use of logging-hook rewrite functions. There are two kinds of
    such hooks: prefix hooks that generate text to be displayed before
    the diagnostics message, and suffix hooks that produce text to be
    displayed after it. Such hooks may be global and category-specific,
    the latter overriding the former.
  • File raddb/rewrite is no longer installed. The Rewrite sources
    are installed under $prefix/share/radius/1.2/rewrite.
  • Dictionary

    Redefinition of an attribute produces a warning message. In
    future releases it will be considered an error.

    There are two new statements: ALIAS and PROPERTY. ALIAS
    statement defines an alternative name for an attribute. PROPERTY
    redefines the attribute properties.

    Flag ‘E’ marks attributes encrypted as per RFC 2138.
    Currently these are User-Password and CHAP-Password.

    Flag ‘F’ marks attribute encrypted as per RFC 2868.

  • Both raddb/naslist and raddb/clients files allow specifying
    hosts using CIDR notation. The DEFAULT keyword is also accepted in
    both files.

  • Emacs files: Improved radconf-mode.el
  • Deprecated features:
    • Explicit use of Add-Port-To-IP-Address is no longer allowed.
  • Bugfixes
    • Renamed LIST to RAD_LIST to eliminate possible name clashes
      with the other libraries (namely, libmysqlclient)
    • Choose the strictest timeout value between the one imposed by
      Login-Time attribute and the one set using Session-Timeout
      attribute.
    • Use sigaction for signal handling whenever it is
      available.
    • Fixed coredumps after unsuccessful error recovery in
      raddb/users file.

Regards,
Sergey
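
The `#pragma regexp’ modifier syntax from the change list above, as an added example (not GNU Radius source code): a parser that folds the modifier list into POSIX `regcomp()` flags, starting from the announced default `-extended -icase -newline’. The function names, the mapping of keywords to `REG_*` constants, and treating an unprefixed keyword as "enable" are assumptions.

```c
#include <regex.h>
#include <string.h>

#define WS " \t\r\n"

/* Hypothetical helper, not GNU Radius code: apply the whitespace-separated
 * modifiers that follow `#pragma regexp' to *cflags. The keyword-to-REG_*
 * mapping is an assumption. Returns 0 on success, or -1 on an unknown
 * keyword, in which case *cflags is left unchanged. */
int pragma_regexp_flags(const char *rest, int *cflags)
{
    static const struct { const char *kw; int bit; } mods[] = {
        { "extended", REG_EXTENDED },
        { "icase",    REG_ICASE    },
        { "newline",  REG_NEWLINE  },
    };
    const size_t n = sizeof mods / sizeof mods[0];
    int flags = *cflags;
    for (const char *p = rest;;) {
        p += strspn(p, WS);
        if (*p == '\0')
            break;
        size_t wlen = strcspn(p, WS), i;
        const char *word = p;
        int enable = 1;              /* assumption: bare keyword enables */
        p += wlen;
        if (*word == '+' || *word == '-') {
            enable = (*word++ == '+');
            wlen--;
        }
        for (i = 0; i < n; i++)
            if (strlen(mods[i].kw) == wlen && !memcmp(word, mods[i].kw, wlen))
                break;
        if (i == n)
            return -1;               /* reject rather than guess */
        flags = enable ? (flags | mods[i].bit) : (flags & ~mods[i].bit);
    }
    *cflags = flags;
    return 0;
}

/* Returns 1 on match, 0 on no match, -1 on a bad modifier or pattern. */
int pragma_match(const char *modifiers, const char *pattern, const char *text)
{
    int cflags = 0;                  /* default: -extended -icase -newline */
    regex_t re;
    if (pragma_regexp_flags(modifiers, &cflags) != 0 ||
        regcomp(&re, pattern, cflags | REG_NOSUB) != 0)
        return -1;
    int rc = regexec(&re, text, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}
```

The same pattern can accept or reject a user name depending on the active modifiers, so a rule file that relies on `icase’ or `extended’ should set the pragma explicitly rather than inherit the default.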
