From 790b71250008f5050673c39db4d2cb62816a0145 Mon Sep 17 00:00:00 2001 From: venaas Date: Wed, 16 Jul 2008 09:10:41 +0000 Subject: updated man page with loopdetection and accoutingresponse options git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@302 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.conf.5 | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index be37788..414f85a 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -135,6 +135,13 @@ This can be used to specify source address and/or source port that the proxy will use for sending TCP client messages (e.g. Access Request). .sp .TP +\fBLoopPrevention\fR +This can be set to \fBon\fR or \fBoff\fR with \fBoff\fR being the default. When +this is enabled, a request will never be sent to a server named the same as the +client it was received from. I.e., the names of the client block and the server +block are compared. Note that this only gives limited protection against loops. +.sp +.TP \fBInclude\fR This is not a normal configuration option; it can be specified multiple times. It can both be used as a basic option and inside blocks. For the full description, @@ -267,7 +274,8 @@ The proxy will match against the blocks in the order they are specified, using the first match if any. If no realm matches, the proxy will simply ignore the request. Each realm block specifies what the server should do when a match is found. A realm block may contain none, one or multiple \fBserver\fR options, -and optionally a \fBreplyMessage\fR option. We will discuss these later. +and similarly \fBaccountingServer\fR options. There are also \fBreplyMessage\fR +and \fBAccountingResponse\fR options. We will discuss these later. .sp .TP @@ -335,6 +343,14 @@ When sending reject messages, the proxy will check if the option attribute to the reject message with this value. Note that you need to quote the message if it contains white space. .sp +If there is no \fBaccountingserver\fR option, the proxy will normally do +nothing, ignoring accounting requests. There is however an option called +\fBAccountingResponse\fR. If this is set to \fBon\fR, the proxy will log +some of the accounting information and send an Accounting-Response back. +This is useful if you do not care much about accounting, but want to stop +clients from retransmitting accounting requests. By default this option +is set to \fBoff\fR. +.sp .SH "TLS BLOCK" The TLS block specifies TLS configuration options and you need at least one -- cgit v1.2.3