blob: 832b1259f85ad25d36bf10e1ee059703d65db5c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
# -*- text -*-
##
## test.conf -- Virtual server configuration for testing radiusd.
##
## $Id$
##
test_port = 10000
correct_escapes = true
# Only for testing!
# Setting this on a production system is a BAD IDEA.
security {
allow_vulnerable_openssl = yes
}
modules {
$INCLUDE ${maindir}/mods-enabled/
$INCLUDE ${testdir}/config/eap-test
}
realm test.example.com {
authhost = 127.0.0.1:${test_port}
secret = testing123
}
policy {
files.authorize {
if (User-Name == "bob") {
update control {
&Cleartext-Password := "bob"
}
}
}
$INCLUDE ${maindir}/policy.d/
}
#
# This virtual server is chosen for processing requests when using:
#
# radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test
#
server test {
listen {
ipaddr = 127.0.0.1
port = ${test_port}
type = auth
}
authorize {
update reply {
&Test-Server-Port = "%{Packet-Dst-Port}"
}
if (User-Name == "bob") {
#
# Digest-* tests have a password of "zanzibar"
# Or, a hashed version thereof.
#
if (Digest-Response) {
if (&Test-Number == "1") {
update control {
&Cleartext-Password := "zanzibar"
}
}
elsif (Test-Number == "2") {
update control {
&Digest-HA1 := 12af60467a33e8518da5c68bbff12b11
}
}
}
else {
update control {
&Cleartext-Password := "bob"
}
}
}
if (User-Name =~ /^(.*)@test\.example\.com$/) {
update request {
&Stripped-User-Name := "%{1}"
}
update control {
&Proxy-To-Realm := test.example.com
}
}
chap
mschap
digest
eap-test
pap
}
authenticate {
pap
chap
mschap
digest
eap-test
}
accounting {
if (Packet-Src-IP-Address != 255.255.255.255) {
detail
}
ok
}
}
|
