2006-08-10 12:55:51 +02:00
|
|
|
# $NetBSD: Makefile,v 1.53 2006/08/10 10:55:52 adrianp Exp $
|
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org>
for putting this package together. Closes PR pkg/20013.
I had originally requested this package even though we already had the
Cistern RADIUS package because some terminal servers won't work with
one or the other of these packages. This increases the number of terminal
servers that can work with NetBSD.
from the DESCR file:
All code in this server was written from scratch.
The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:
o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!
Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.
2003-02-27 09:51:00 +01:00
|
|
|
|
2006-08-09 18:42:09 +02:00
|
|
|
DISTNAME= freeradius-${RADVER}
|
2006-08-10 12:55:51 +02:00
|
|
|
PKGREVISION= 2
|
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org>
for putting this package together. Closes PR pkg/20013.
I had originally requested this package even though we already had the
Cistern RADIUS package because some terminal servers won't work with
one or the other of these packages. This increases the number of terminal
servers that can work with NetBSD.
from the DESCR file:
All code in this server was written from scratch.
The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:
o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!
Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.
2003-02-27 09:51:00 +01:00
|
|
|
CATEGORIES= net
|
|
|
|
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
|
|
|
|
ftp://ftp.Awfulhak.org/pub/radius/
|
|
|
|
|
2005-03-02 22:50:18 +01:00
|
|
|
MAINTAINER= adrianp@NetBSD.org
|
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org>
for putting this package together. Closes PR pkg/20013.
I had originally requested this package even though we already had the
Cistern RADIUS package because some terminal servers won't work with
one or the other of these packages. This increases the number of terminal
servers that can work with NetBSD.
from the DESCR file:
All code in this server was written from scratch.
The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:
o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!
Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.
2003-02-27 09:51:00 +01:00
|
|
|
HOMEPAGE= http://www.freeradius.org/
|
|
|
|
COMMENT= Free RADIUS server implementation
|
|
|
|
|
2004-10-02 14:06:03 +02:00
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
|
2006-07-14 00:20:35 +02:00
|
|
|
CONFLICTS+= radiusd-cistron-[0-9]*
|
2005-07-16 03:19:06 +02:00
|
|
|
USE_TOOLS+= gmake perl:run
|
2004-09-23 21:51:21 +02:00
|
|
|
GNU_CONFIGURE= YES
|
2006-08-10 12:55:51 +02:00
|
|
|
USE_LIBTOOL= YES
|
|
|
|
USE_OLD_DES_API= YES
|
|
|
|
|
|
|
|
BUILD_DEFS= VARBASE RADIUS_USER RADIUS_GROUP
|
2004-10-02 14:06:03 +02:00
|
|
|
PLIST_SRC= ${WRKDIR}/.PLIST_SRC
|
2006-08-10 12:55:51 +02:00
|
|
|
FILES_SUBST+= RADIUS_USER=${RADIUS_USER:Q}
|
|
|
|
FILES_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q}
|
2006-08-09 18:42:09 +02:00
|
|
|
PLIST_SUBST+= RADVER=${RADVER}
|
2006-08-10 12:55:51 +02:00
|
|
|
MESSAGE_SUBST+= CHOWN=${CHOWN:Q} CHMOD=${CHMOD:Q} VARBASE=${VARBASE}
|
|
|
|
MESSAGE_SUBST+= RADIUS_USER=${RADIUS_USER:Q} XARGS=${XARGS:Q}
|
|
|
|
MESSAGE_SUBST+= RADIUS_GROUP=${RADIUS_GROUP:Q} FIND=${FIND:Q}
|
|
|
|
|
|
|
|
PKG_SYSCONFSUBDIR= raddb
|
|
|
|
RCD_SCRIPTS= radiusd
|
|
|
|
RADIUS_USER?= radius
|
|
|
|
RADIUS_GROUP?= radius
|
|
|
|
PKG_GROUPS= ${RADIUS_USER}
|
|
|
|
PKG_USERS= ${RADIUS_USER}:${RADIUS_GROUP}
|
|
|
|
OWN_DIRS_PERMS+= ${VARBASE}/run/radiusd \
|
|
|
|
${RADIUS_USER} ${RADIUS_GROUP} 0750
|
|
|
|
OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd \
|
|
|
|
${RADIUS_USER} ${RADIUS_GROUP} 0750
|
|
|
|
OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd/radacct \
|
|
|
|
${RADIUS_USER} ${RADIUS_GROUP} 0750
|
|
|
|
|
2006-08-09 18:42:09 +02:00
|
|
|
RADVER= 1.1.2
|
2006-08-10 12:55:51 +02:00
|
|
|
EGDIR= ${PREFIX}/share/examples/freeradius
|
2005-03-02 22:44:55 +01:00
|
|
|
|
2006-04-06 08:21:32 +02:00
|
|
|
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
|
2004-09-23 21:51:21 +02:00
|
|
|
|
2006-08-10 12:55:51 +02:00
|
|
|
CONFIGURE_ARGS+= --with-logdir=${VARBASE}/log/radiusd
|
2005-12-06 00:55:01 +01:00
|
|
|
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
|
|
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q}
|
2003-07-30 14:08:47 +02:00
|
|
|
CONFIGURE_ARGS+= --disable-ltdl-install
|
|
|
|
CONFIGURE_ARGS+= --with-ltdl-lib=${PREFIX}/lib
|
|
|
|
CONFIGURE_ARGS+= --with-ltdl-include=${PREFIX}/include
|
2004-01-30 22:44:39 +01:00
|
|
|
CONFIGURE_ARGS+= --without-rlm_ippool
|
|
|
|
CONFIGURE_ARGS+= --without-rlm_smb
|
2004-09-23 21:51:21 +02:00
|
|
|
CONFIGURE_ARGS+= --without-rlm_sql_iodbc
|
|
|
|
CONFIGURE_ARGS+= --without-rlm_sql_oracle
|
|
|
|
CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
|
2006-08-10 12:55:51 +02:00
|
|
|
CONFIGURE_ARGS+= --quiet
|
2006-03-22 00:08:08 +01:00
|
|
|
#CONFIGURE_ARGS+= --without-rlm_eap_peap
|
|
|
|
#CONFIGURE_ARGS+= --without-rlm_eap_sim
|
|
|
|
#CONFIGURE_ARGS+= --without-rlm_eap_tls
|
|
|
|
#CONFIGURE_ARGS+= --without-rlm_eap_ttls
|
2003-07-30 16:50:07 +02:00
|
|
|
|
2006-04-10 17:25:04 +02:00
|
|
|
REPLACE_PERL= scripts/radsqlrelay
|
|
|
|
|
2006-07-14 00:20:35 +02:00
|
|
|
SUBST_CLASSES= make
|
2004-11-10 23:27:32 +01:00
|
|
|
SUBST_STAGE.make= post-patch
|
Update to 1.1.0
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
2006-02-05 16:34:08 +01:00
|
|
|
SUBST_FILES.make= src/modules/rlm_mschap/Makefile \
|
2005-02-18 17:59:57 +01:00
|
|
|
src/modules/rlm_sql/drivers/rlm_sql_postgresql/Makefile.in
|
2004-11-16 14:51:45 +01:00
|
|
|
SUBST_SED.make= -e "s|RLM_LDFLAGS =|RLM_LDFLAGS = \
|
2006-03-22 00:08:08 +01:00
|
|
|
-L../../../src/lib/.libs/ -lradius|g"
|
|
|
|
SUBST_SED.make+= -e "s|RLM_SQL_LIBS =|RLM_SQL_LIBS = \
|
2005-02-18 17:59:57 +01:00
|
|
|
-L${PREFIX}/lib|g"
|
Update to 1.1.0
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
2006-02-05 16:34:08 +01:00
|
|
|
SUBST_MESSAGE.make= Fixing Makefiles.
|
2004-11-10 23:27:32 +01:00
|
|
|
|
2006-08-10 12:55:51 +02:00
|
|
|
SUBST_CLASSES+= config
|
|
|
|
SUBST_STAGE.config= post-patch
|
|
|
|
SUBST_FILES.config= raddb/radiusd.conf.in
|
|
|
|
SUBST_SED.config= -e "s|@@RADIUS_USER@@|${RADIUS_USER}|g"
|
|
|
|
SUBST_SED.config+= -e "s|@@RADIUS_GROUP@@|${RADIUS_GROUP}|g"
|
|
|
|
SUBST_MESSAGE.config= Fixing configuration files.
|
2003-07-30 16:50:07 +02:00
|
|
|
|
2006-08-10 12:55:51 +02:00
|
|
|
.include "options.mk"
|
2004-09-23 21:51:21 +02:00
|
|
|
|
|
|
|
EGFILES= acct_users attrs certs/demoCA/index.txt.old \
|
|
|
|
certs/demoCA/cacert.pem certs/demoCA/index.txt \
|
|
|
|
certs/demoCA/serial.old certs/demoCA/serial \
|
|
|
|
certs/newcert.pem certs/README certs/dh \
|
|
|
|
certs/cert-clt.der certs/cert-clt.p12 certs/cert-clt.pem \
|
|
|
|
certs/cert-srv.der certs/cert-srv.p12 certs/cert-srv.pem \
|
|
|
|
certs/newreq.pem certs/random certs/root.der certs/root.p12 \
|
|
|
|
certs/root.pem clients clients.conf dictionary.in eap.conf \
|
|
|
|
experimental.conf hints huntgroups ldap.attrmap mssql.conf \
|
|
|
|
naslist naspasswd oraclesql.conf pgsql-voip.conf \
|
Update to 1.1.0
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
2006-02-05 16:34:08 +01:00
|
|
|
postgresql.conf preproxy_users proxy.conf \
|
|
|
|
realms snmp.conf sql.conf users radiusd.conf dictionary \
|
|
|
|
otp.conf otppasswd.sample
|
2004-09-23 21:51:21 +02:00
|
|
|
|
|
|
|
.for f in ${EGFILES}
|
2006-08-10 12:55:51 +02:00
|
|
|
CONF_FILES_PERMS+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} \
|
|
|
|
${RADIUS_USER} ${RADIUS_GROUP} 0640
|
2004-09-23 21:51:21 +02:00
|
|
|
.endfor
|
|
|
|
|
|
|
|
.include "../../security/openssl/buildlink3.mk"
|
2004-10-15 14:03:52 +02:00
|
|
|
.include "../../devel/libltdl/buildlink3.mk"
|
2004-05-08 09:37:40 +02:00
|
|
|
.include "../../mk/pthread.buildlink3.mk"
|
2003-11-03 11:09:50 +01:00
|
|
|
|
|
|
|
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none"
|
2004-11-11 00:06:14 +01:00
|
|
|
CONFIGURE_ARGS+= --without-threads
|
2003-11-03 11:09:50 +01:00
|
|
|
.endif
|
|
|
|
|
2004-11-16 14:51:45 +01:00
|
|
|
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "pth"
|
|
|
|
.include "../../devel/pthread-sem/buildlink3.mk"
|
2006-07-14 00:20:35 +02:00
|
|
|
SUBST_SED.make+= -e 's|@ldap_ldflags@|@ldap_ldflags@ \
|
|
|
|
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q} -lsemaphore|g'
|
2004-11-16 14:51:45 +01:00
|
|
|
.endif
|
|
|
|
|
|
|
|
.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "native"
|
2006-07-14 00:20:35 +02:00
|
|
|
SUBST_SED.make+= -e 's|@ldap_ldflags@|@ldap_ldflags@ \
|
|
|
|
${PTHREAD_LDFLAGS:Q} ${PTHREAD_LIBS:Q}|g'
|
2006-03-22 21:53:41 +01:00
|
|
|
.endif
|
|
|
|
|
2005-11-29 00:44:02 +01:00
|
|
|
.if ${MACHINE_ARCH} == "amd64"
|
|
|
|
CFLAGS+= -fPIC
|
|
|
|
.endif
|
|
|
|
|
2004-12-19 19:59:12 +01:00
|
|
|
post-build:
|
2006-07-14 00:20:35 +02:00
|
|
|
${CP} ${PKGDIR}/PLIST ${WRKDIR}/.PLIST_SRC
|
2004-12-19 19:59:12 +01:00
|
|
|
|
|
|
|
post-install:
|
|
|
|
${INSTALL_DATA_DIR} ${EGDIR}
|
|
|
|
${INSTALL_DATA_DIR} ${EGDIR}/certs
|
|
|
|
${INSTALL_DATA_DIR} ${EGDIR}/certs/demoCA
|
2005-08-29 16:28:12 +02:00
|
|
|
.for f in ${EGFILES}
|
|
|
|
${INSTALL_DATA} ${WRKSRC}/raddb/${f} ${EGDIR}/${f}
|
|
|
|
.endfor
|
Update to 1.1.0
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
2006-02-05 16:34:08 +01:00
|
|
|
${INSTALL_SCRIPT} ${WRKSRC}/src/modules/rlm_perl/example.pl ${EGDIR}
|
2006-07-14 00:20:35 +02:00
|
|
|
${MKDIR} ${PKG_SYSCONFDIR}/certs
|
|
|
|
${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA
|
2006-08-10 12:55:51 +02:00
|
|
|
${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs
|
|
|
|
${CHOWN} ${RADIUS_USER}:${RADIUS_GROUP} ${PKG_SYSCONFDIR}/certs/demoCA
|
|
|
|
${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs
|
|
|
|
${CHMOD} 0750 ${PKG_SYSCONFDIR}/certs/demoCA
|
2004-12-19 19:59:12 +01:00
|
|
|
|
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org>
for putting this package together. Closes PR pkg/20013.
I had originally requested this package even though we already had the
Cistern RADIUS package because some terminal servers won't work with
one or the other of these packages. This increases the number of terminal
servers that can work with NetBSD.
from the DESCR file:
All code in this server was written from scratch.
The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:
o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!
Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.
2003-02-27 09:51:00 +01:00
|
|
|
.include "../../mk/bsd.pkg.mk"
|