18ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# General settings 28ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 38ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# specify which authentication comes first respectively which 48ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# authentication is used. possible values are: "radius" and "local". 58ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# if you specify "radius,local" then the RADIUS server is asked 68ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# first then the local one. if only one keyword is specified only 78ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# this server is asked. 88ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectauth_order radius 98ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 108ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# maximum login tries a user has (default 4) 118ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectlogin_tries 4 128ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 138ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# timeout for all login tries (default 60) 148ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# if this time is exceeded the user is kicked out 158ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectlogin_timeout 60 168ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 178ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# name of the nologin file which when it exists disables logins. 188ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# it may be extended by the ttyname which will result in 198ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable 208ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# logins on /dev/ttyS2) (default /etc/nologin) 218ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectnologin /etc/nologin 228ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 238ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# name of the issue file. it's only display when no username is passed 248ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# on the radlogin command line (default /etc/radiusclient/issue) 258ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectissue /usr/local/etc/radiusclient/issue 268ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 278ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# RADIUS settings 288ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 298ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# RADIUS server to use for authentication requests. this config 308ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# item can appear more then one time. if multiple servers are 318ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# defined they are tried in a round robin fashion if one 328ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# server is not answering. 338ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# optionally you can specify a the port number on which is remote 348ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# RADIUS listens separated by a colon from the hostname. if 358ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# no port is specified /etc/services is consulted of the radius 368ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# service. if this fails also a compiled in default is used. 378ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectauthserver localhost:1812 388ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 398ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# RADIUS server to use for accouting requests. All that I 408ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# said for authserver applies, too. 418ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# 428ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectacctserver localhost:1813 438ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 448ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# file holding shared secrets used for the communication 458ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# between the RADIUS client and server 468ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectservers /usr/local/etc/radiusclient/servers 478ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 488ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# dictionary of allowed attributes and values 498ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# just like in the normal RADIUS distributions 508ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectdictionary /usr/local/etc/radiusclient/dictionary 518ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 528ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# program to call for a RADIUS authenticated login 538ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# (default /usr/sbin/login.radius) 548ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectlogin_radius /usr/local/sbin/login.radius 558ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 568ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# file which holds sequence number for communication with the 578ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# RADIUS server 588ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectseqfile /var/run/radius.seq 598ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 608ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# file which specifies mapping between ttyname and NAS-Port attribute 618ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectmapfile /usr/local/etc/radiusclient/port-id-map 628ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 638ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# default authentication realm to append to all usernames if no 648ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# realm was explicitly specified by the user 658ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# the radiusd directly form Livingston doesnt use any realms, so leave 668ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# it blank then 678ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectdefault_realm 688ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 698ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# time to wait for a reply from the RADIUS server 708ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectradius_timeout 10 718ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 728ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# resend request this many times before trying the next server 738ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectradius_retries 3 748ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 758ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# NAS-Identifier 768ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# 778ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# If supplied, this option will cause the client to send the given string 788ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# as the contents of the NAS-Identifier attribute in RADIUS requests. No 798ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# NAS-IP-Address attribute will be sent in this case. 808ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# 818ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# The default behavior is to send a NAS-IP-Address option and not send 828ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# a NAS-Identifier. The value of the NAS-IP-Address option is chosen 838ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# by resolving the system hostname. 848ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 858ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# nas_identifier MyUniqueNASName 868ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 878ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# LOCAL settings 888ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project 898ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# program to execute for local login 908ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Project# it must support the -f flag for preauthenticated login 918ad0dd2a5c5f23cd210aedba72a43e48026e7436The Android Open Source Projectlogin_local /bin/login 92