[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.1.3 auth statement


auth {
        listen ( addr-list | no ); 
        forward addr-list; 
        port number ; 
        max-requests number ; 
        time-to-live number ; 
        request-cleanup-delay number ; 
        detail bool ; 
        strip-names bool ; 
        checkrad-assume-logged bool ; 
        password-expire-warning number ; 
        compare-atribute-flag character ; 
        trace-rules bool ; 
        reject-malformed-names bool ; 
} ;


The auth statement configures the parameters of the authentication service.

listen statement

This statement determines on which addresses radiusd will listen for incoming authentication requests. Its argument is a comma-separated list of items in the form ip:port-number. ip can be either an IP address in familiar “dotted-quad” notation or a hostname. :port-number part may be omitted, in which case the default authentication port is assumed.

If the listen statement is omitted, radiusd will accept incoming requests from any interface on the machine.

The special value no disables listening for authentication requests.

The following example configures radius to listen for the incoming requests on the default authentication port on the address and on port 1645 on address


forward statement

This statement enables forwarding of the requests to the given set of servers. Forwarding is an experimental feature of GNU Radius, it differs from proxying in that the requests are sent to the remote server (or servers) and processed locally. The remote server is not expected to reply.

This mode is intended primarily for debugging purposes. It could also be useful in some very complex and unusual configurations.

Numeric statements


Sets the number of which UDP port to listen on for the authentication requests.


Sets the maximum number of authentication requests in the queue. Any surplus requests will be discarded.


Sets the request time-to-live in seconds. The time-to-live is the time to wait for the completion of the request. If the request job isn't completed within this interval of time it is cleared, the corresponding child process killed and the request removed from the queue.


Sets the request cleanup delay in seconds, i.e. determines how long will the completed authentication request reside in the queue.


Sets the time interval for password expiration warning. If user's password expires within given number of seconds, radiusd will send a warning along with authentication-acknowledge response. Default is 0.

Boolean statements


When set to true, radiusd will produce the detailed log of each received packet in the file ‘radacct/nasname/detail.auth’. The format of such log files is identical to the format of detailed accounting files (see section Detailed Request Accounting).


Determines whether radiusd should strip any prefixes/suffixes off the username before logging.


See section mlc statement, for the description of this setting. It is accepted in auth for compatibility with previous versions of GNU Radius.


Enables tracing of the configuration rules that were matched during processing of each received authentication request. See section Rule Tracing, for detailed information about this mode.


Enables sending access-reject replies for the access-accept requests that contain an invalid value in User-Name attribute. By default such requests are discarded without answering. See the description of username-chars (see section Option statement).

Character statement


The argument to this statement is a character from ‘1’ through ‘9’. This statement modifies the request comparison method for authentication requests. See section Extended Comparison, for a detailed description of its usage.

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.