# -*- text -*-
#
#  $Id$

# Realm module, for proxying.
#
#  You can have multiple instances of the realm module to
#  support multiple realm syntaxes at the same time.  The
#  search order is defined by the order that the modules are listed
#  in the authorize and preacct sections.
#
#  Four config options:
#	format	 -  must be "prefix" or "suffix"
#			  The special cases of "DEFAULT"
#			  and "NULL" are allowed, too.
#	delimiter      -  must be a single character

#
#  For dynamic home servers, see doc/configuration/dynamic_home_servers.md,
#  and the script in mods-config/realm/freeradius-naptr-to-home-server.sh
#

#  'realm/username'
#
#  Using this entry, IPASS users have their realm set to "IPASS".
realm IPASS {
	format = prefix
	delimiter = "/"
}

#  'username@realm'
#
realm suffix {
	format = suffix
	delimiter = "@"

	# The next configuration items are valid ONLY for a trust-router.
	# For all other realms, they are ignored.
#	trust_router = "localhost"
#	tr_port = 12309
#	rp_realm = "realm.example.com"
#	default_community = "apc.communities.example.com"
#	# if rekey_enabled is enabled, dynamic realms are automatically rekeyed
#	# before they expire to avoid having to recreate them from scrach on
#	# demand (implying lengthy authentications)
#	rekey_enabled = no
#	# if realm_lifetime is > 0, the rekey is scheduled to happen the
#	# specified number of seconds after its creation or rekeying. Otherwise,
#	# the key material expiration timestamp is used
#	realm_lifetime = 0
}

#  'realm!username'
#
realm bangpath {
	format = prefix
	delimiter = "!"

#	trust_router = "localhost"
#	tr_port = 12309
#	rp_realm = "realm.example.com"
#	default_community = "apc.communities.example.com"
#	rekey_enabled = no
#	realm_lifetime = 0
}

#  'username%realm'
#
realm realmpercent {
	format = suffix
	delimiter = "%"
}

#
#  'domain\user'
#
realm ntdomain {
	format = prefix
	delimiter = "\\"
}