
4.1.1 option block

Syntax:

 
option {
        source-ip number ; 
        max-requests number ; 
        radiusd-user string ; 
        exec-program-user string ; 
        username-chars string ; 
        log-dir string ; 
        acct-dir string ; 
        resolve bool ; 
        max-processes number ; 
        process-idle-timeout number ; 
        master-read-timeout number ; 
        master-write-timeout number ; 
} ;

Usage

The option block defines the global options to be used by radiusd.

Boolean statements

resolve

Determines whether radius should resolve the IP addresses for diagnostic output. Specifying resolve no speeds up the server and reduces the network traffic.

Numeric statements

source-ip

Sets the source IP address. When this statement is not present, the IP address of the first available network interface on the machine will be used as source.

max-requests

Sets the maximum number of requests in the queue.

max-processes

Sets the maximum number of child processes. The default value is 16. If you plan to raise this value, make sure you have enough file descriptors available, as each child occupies four descriptors for its input/output channels.

process-idle-timeout

Sets the maximum idle time for child processes. A child terminates if it does not receive any requests from the main process within this number of seconds. By default, this parameter is 3600 seconds (one hour).

master-read-timeout
master-write-timeout

These two values set the timeouts for interprocess input/output operations in the main server process. More specifically, master-read-timeout sets the maximum number of seconds the main process will wait for the answer from the subprocess, and master-write-timeout sets the maximum number of seconds the main process will wait for the subprocess's communication channel to become ready for input. By default, no timeouts are imposed.

String statements

radiusd-user

Instructs radiusd to drop root privileges and to switch to the real user and group IDs of the given user after becoming a daemon. Notice the following implications of this statement:

  1. All configuration files must be readable for this user.
  2. Authentication type System (see section System Authentication Type) requires root privileges, so it cannot be used with radiusd-user. Any ‘raddb/users’ profiles using this authentication type will be discarded.
  3. Authentication type PAM (see section PAM Authentication Type) may require root privileges. It is reported to always require root privileges on some systems (notably on Solaris).
  4. The exec-program-user statement (see below) is ignored when used with radiusd-user.

exec-program-user

Sets the privileges for the programs executed as a result of Exec-Program and Exec-Program-Wait. The real user and group ids will be retrieved from the ‘/etc/passwd’ entry for the given user.

username-chars

Determines the characters that are valid within a username. Alphanumeric characters are always allowed in a username, so it is not necessary to specify them in this statement. By default the following characters are allowed in a username: ‘.-_!@#$%^&\/"’. The username-chars statement overrides this default, thus setting:

 
username-chars ":"

will restrict the set of allowed characters to the alphanumeric characters and colon. If you wish to expand the default character set, you will have to explicitly specify it in the username-chars argument, as shown in the example below:

 
username-chars ".-_!@#$%^&\\/\":"

(Notice the use of escape character ‘\’).
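
The override semantics described above can be checked before a configuration change is deployed. The following Python model is an added example, not code from GNU Radius: the function names are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits, and only the two escapes shown on this page (\\ and \") are decoded.

```python
import string

# Default extra characters as listed on this page: .-_!@#$%^&\/"
DEFAULT_USERNAME_CHARS = '.-_!@#$%^&\\/"'
# Assumption: "alphanumeric" means ASCII letters and digits.
ALNUM = set(string.ascii_letters + string.digits)


def unescape(body):
    # Decode the text between the double quotes of the config string.
    # Assumption: only \\ and \" are modelled; other escapes are refused.
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            i += 1
            if i >= len(body) or body[i] not in '\\"':
                raise ValueError("escape sequence not modelled here")
            ch = body[i]
        out.append(ch)
        i += 1
    return "".join(out)


def allowed_set(username_chars=None):
    # A username-chars value replaces the default set; it does not extend it.
    extra = DEFAULT_USERNAME_CHARS if username_chars is None else unescape(username_chars)
    return ALNUM | set(extra)


def rejected_chars(username, username_chars=None):
    # Characters of `username` outside the allowed set, sorted for stable output.
    allowed = allowed_set(username_chars)
    return sorted({c for c in username if c not in allowed})


if __name__ == "__main__":
    # Constructed sample usernames and settings (None = statement absent).
    extended = r'.-_!@#$%^&\\/\":'  # body of the second example on this page
    for setting in (None, ":", extended):
        for name in ("user@example.com", "realm:user", "bad name;"):
            print(repr(setting), name, rejected_chars(name, setting))
```

With username-chars ":" the model reports ‘.’ and ‘@’ as rejected for user@example.com, which is the practical effect of overriding rather than extending the default set.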

log-dir

Specifies the logging directory.

acct-dir

Specifies the accounting directory.



This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.