* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1 Send packets with:
MS-CHAP-Password = "password". It will be automatically converted to the
correct MS-CHAP attributes.
* Added "-t" command-line option to radtest. You can use "-t pap", "-t chap",
"-t mschap", or "-t eap-md5". The default is "-t pap"
* Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change
and the previous one makes PEAP testing much easier.
* Added more documentation and examples for the "passwd" module.
* Added dictionaries for RFC 5607 and RFC 5904.
* Added note in proxy.conf that we recommend setting
"require_message_authenticator = yes" for all home servers.
* Added example of second "files" configuration, with documentation.
This shows how and where to use two instances of a module.
* Updated radsniff to have it write pcap files, too. See '-w'.
* Print out large WARNING message if we send an Access-Challenge for EAP, and
receive no follow-up messages from the client.
* Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
* Added support for TLS-Cert-* attributes. For details, see
raddb/sites-available/default, "post-auth" section.
* Added sample raddb/modules/{opendirectory,dynamic_clients}
* Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
* Added RFCs 5607, 5904, and 5997.
* For EAP-TLS, client certificates can now be validated using an external
command. See eap.conf, "validate" subsection of "tls".
* Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS
systems.
* Add Module-Failure-Message for mschap module (ntlm_auth)
* Made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
* Added %{tolower: ...string ... }, which returns the lowercase version of the
string. Also added %{toupper: ... } for uppercase.
* Bug fixes.
9841a38304