./net/freeradius2, Free RADIUS server implementation

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.2.10nb3, Package name: freeradius-2.2.10nb3, Maintainer: pkgsrc-users

All code in this server was written from scratch.

The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:

o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!

Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.

MESSAGE.pam [+/-]

Required to run:
[databases/gdbm] [lang/perl5] [net/net-snmp] [security/openssl] [devel/libltdl]

Required to build:
[pkgtools/cwrappers]

Package options: freeradius-simul-use, gdbm

Master sites:

SHA1: 63ebd7b2b1526c0536a6754488e8b53b2e267e29
RMD160: 65734eb9a9ab1671b4d64e0f12d60da4e35ce283
Filesize: 2728.874 KB

Version history: (Expand)


CVS history: (Expand)


   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-25 11:45:12 by Jonathan Perkin | Files touched by this commit (24)
Log message:
*: Remove obsolete BUILDLINK_API_DEPENDS.openssl.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-16 14:33:51 by Jonathan Perkin | Files touched by this commit (12)
Log message:
*: Remove USE_OLD_DES_API.

OpenSSL 1.1.1d no longer ships des_old.h, and the time for this being
necessary appears to be behind us.
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-06 20:40:01 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
freeradius2: fix configuration files installation - demoCA/cacert.pem is not \ 
needed, but certs/Makefile is; bump revision
   2019-07-04 14:26:48 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
freeradius2: updated to 2.2.10

Version 2.2.10:
BUG FIXES
Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
FR-GV-207 Avoid zero-length malloc() in data2vp().
FR-GV-206 correct decoding of option 60.
FR-GV-205 check for "too long" WiMAX options.
FR-GV-204 free VP if decoding fails, so we don't leak memory.
FR-GV-203 fix memory leak when using decode_tlv().
FR-GV-202 check for "too long" attributes.
FR-GV-201 check input/output length in make_secret().
FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
Disable in-memory TLS session caches due to OpenSSL API issues.
Allow issuer_cert to be empty.
Look for extensions using correct index.
Fix types.
Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
Allow OCSP responder URL to be later in the packet
Catch empty subject and non-existent issuer cert in OCSP
Allow non-FIPS for MD5