1 files changed, 123 insertions, 0 deletions

diff --git a/lib/libradius/radius.conf.5 b/lib/libradius/radius.conf.5
new file mode 100644
index 000000000000..2cd72c2952ba
--- /dev/null
+++ b/lib/libradius/radius.conf.5
@@ -0,0 +1,123 @@
+.\" Copyright 1998 Juniper Networks, Inc.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	$FreeBSD$
+.\"
+.Dd July 29, 1998
+.Dt RADIUS.CONF 5
+.Os FreeBSD
+.Sh NAME
+.Nm radius.conf
+.Nd RADIUS client configuration file
+.Sh SYNOPSIS
+.Pa /etc/radius.conf
+.Sh DESCRIPTION
+.Nm
+contains the information necessary to configure the RADIUS client
+library.  It is parsed by
+.Xr rad_config 3 .
+The file contains one or more lines of text, each describing a
+single RADIUS server which will be used by the library.  Leading
+white space is ignored, as are empty lines and lines containing
+only comments.
+.Pp
+A RADIUS server is described by two to four fields on a line.  The
+fields are separated by white space.  The
+.Ql #
+character at the beginning of a field begins a comment, which extends
+to the end of the line.  A field may be enclosed in double quotes,
+in which case it may contain white space and/or begin with the
+.Ql #
+character.  Within a quoted string, the double quote character can
+be represented by
+.Ql \e\&" ,
+and the backslash can be represented by
+.Ql \e\e .
+No other escape sequences are supported.
+.Pp
+The first field specifies
+the server host, either as a fully qualified domain name or as a
+dotted-quad IP address.  The host may optionally be followed by a
+.Ql \&:
+and a numeric port number, without intervening white space.  If the
+port specification is omitted, it defaults to the
+.Ql radius
+service in the
+.Pa /etc/services
+file, or to the standard RADIUS port 1812 if there is no such entry in
+.Pa /etc/services .
+.Pp
+The second field contains the shared secret, which should be known
+only to the client and server hosts.  It is an arbitrary string of
+characters, though it must be enclosed in double quotes if it
+contains white space.  The shared secret may be
+any length, but the RADIUS protocol uses only the first 128
+characters.  N.B., some popular RADIUS servers have bugs which
+prevent them from working properly with secrets longer than 16
+characters.
+.Pp
+The third field contains a decimal integer specifying the timeout in
+seconds for receiving a valid reply from the server.  If this field
+is omitted, it defaults to 3 seconds.
+.Pp
+The fourth field contains a decimal integer specifying the maximum
+number of attempts that will be made to authenticate with the server
+before giving up.  If omitted, it defaults to 3 attempts.  Note,
+this is the total number of attempts and not the number of retries.
+.Pp
+Up to 10 RADIUS servers may be specified.  The servers are tried in
+round-robin fashion, until a valid response is received or the
+maximum number of tries has been reached for all servers.
+.Pp
+The standard location for this file is
+.Pa /etc/radius.conf .
+But an alternate pathname may be specified in the call to
+.Xr rad_config 3 .
+Since the file contains sensitive information in the form of the
+shared secrets, it should not be readable except by root.
+.Sh FILES
+.Pa /etc/radius.conf
+.Sh EXAMPLES
+.Bd -literal
+# A simple entry using all the defaults:
+radius1.domain.com	OurLittleSecret
+
+# A server still using the obsolete RADIUS port, with increased
+# timeout and maximum tries:
+auth.domain.com:1645	"I can't see you, but I know you're there"  5  4
+
+# A server specified by its IP address:
+192.168.27.81		$X*#..38947ax-+=
+.Ed
+.Sh SEE ALSO
+.Xr libradius 3
+.Rs
+.%A C. Rigney, et al
+.%T Remote Authentication Dial In User Service (RADIUS)
+.%O RFC 2138
+.Re
+.Sh AUTHORS
+This documentation was written by
+.An John Polstra ,
+and donated to the FreeBSD project by Juniper Networks, Inc.