Go to the first, previous, next, last section, table of contents.


auth statement

Syntax:

    auth {
            [ listen addr-list ; ]
            [ port number ; ]
            [ spawn bool ; ]
            [ max-requests number ; ]
            [ time-to-live number ; ]
            [ request-cleanup-delay number ; ]
            [ detail bool ; ]
            [ strip-names bool ; ]
            [ checkrad-assume-logged bool ; ]
            [ password-expire-warning number ; ]
    } ;

Usage:

The auth statement configures the parameters of the authentication service.

listen statement

This statement determines on which addresses radiusd will listen for incoming authentication requests. Its argument is a comma-separated list of items in the form ip:port-number. ip can be either an IP address in familiar "dotted-quad" notation or a hostname. :port-number part may be omitted, in which case the default authentication port is assumed.

If the listen statement is omitted, radiusd will accept incoming requests from any interface on the machine.

Numeric statements

port
Sets the number of UDP port to listen on for the authentication requests.
max-requests
Sets the maximum number of authentication requests in the queue. Any surplus requests will be discarded.
time-to-live
Sets the request time-to-live in seconds. The time-to-live is the time to wait for the completion of the request. If the request job isn't completed within this interval of time it is cleared, the corresponding child process killed and the request removed from the queue.
request-cleanup-delay
Sets the request cleanup delay in seconds, i.e. determines how long will the completed authentication request reside in the queue.
password-expire-warning
Sets the time interval for password expiration warning. If user's password expires within given number of seconds, radiusd will send a warning along with authentication-acknowledge response. Default is 0.

Boolean statements

spawn
Determines if radiusd should spawn a child to process the request.
detail
When set to true, radiusd will produce the detailed log of each received packet in the file `radacct/NASNAME/detail.auth'. (see section Naming Conventions).
strip-names
Determines whether radiusd should strip any prefixes/suffixes off the username before logging.
checkrad-assume-logged
radiusd consults the value of this variable when the NAS does not responds to checkrad queries (see section Checking Simultaneous Logins). If this variable is set to yes, the daemon will proceed as if the NAS returned "yes", i.e. it will assume the user is logged in. Otherwise radiusd assumes the user is not logged in.


Go to the first, previous, next, last section, table of contents.