[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

5.1.1 option block

Syntax:

 
option {
        source-ip number ; 
        max-requests number ; 
        radiusd-user string ; 
        exec-program-user string ; 
        username-chars string ; 
        log-dir string ; 
        acct-dir string ; 
        resolve bool ; 
        max-processes number ; 
        process-idle-timeout number ; 
        master-read-timeout number ; 
        master-write-timeout number ; 
} ;

Usage

The option block defines the global options to be used by radiusd.

Boolean statements

resolve
Determines whether radius should resolve the IP addresses for diagnostic output. Specifying resolve no speeds up the server and reduces the network traffic.

Numeric statements

source-ip
Sets the source IP address. When this statement is not present, the IP address of the first available network interface on the machine will be used as source.

max-requests
Sets the maximum number of the requests in queue.

max-processes
Sets the maximum number of child processes. The default value is 16. If you plan to raise this value, make sure you have enough file descriptors available, as each child occupies four descriptors for its input/output channels.

process-idle-timeout
Sets the maximum idle time for child processes. A child terminates if it does not receive any requests from the main process within this number of seconds. By default, this parameter is 3600 seconds (one hour).

master-read-timeout
master-write-timeout
These two values set the timeout values for the interprocess input/output operations in the main server process. More specifically, master-read-timeout sets the maximum number of seconds the main process will wait for the answer from the subprocess, and master-write-timeout sets the maximum number of seconds the main process will wait for the subprocess's comunication channel to become ready for input. By default, no timeouts are imposed.

String statements

radiusd-user
Instructs radiusd to drop root privileges and to switch to the real user and group IDs of the given user after becoming daemon. Notice the following implications of this statement:

  1. All configuration files must be readable for this user.
  2. Authentication type System (see section 7.5 System Authentication Type) requires root privileges, so it cannot be used with radiusd-user. Any `raddb/users' profiles using this authentication type will be discarded.
  3. Authentication type PAM (see section 7.7 PAM Authentication Type) may require root provileges. It is reported to always require root privileges on some systems (notably on Solaris).
  4. exec-program-user statement (see below) is ignored when used with radiusd-user.

exec-program-user
Sets the privileges for the programs executed as a result of Exec-Program and Exec-Program-Wait. The real user and group ids will be retrieved from the `/etc/passwd' entry for the given user.

username-chars
Determines characters that are valid within a username. The alphanumeric characters are always allowed in a username, it is not necessary to specify them in this statement. By default the following characters are allowed in a username: `.-_!@#$%^&\/"'. The username-chars statement overrides this default, thus setting:

 
username-chars ":"

will restrict the set of allowed characters to the alphanumeric characters and colon. If you wish to expand the default character set, you will have to explicitly specify it in the username-chars argument, as shown in the example below:

 
username-chars ".-_!@#$%^&\\/\":"

(Notice the use of escape character `\').

log-dir
Specifies the logging directory.

acct-dir
Specifies the accounting directory.

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated by Sergey Poznyakoff on November, 20 2004 using texi2html