/[radius]/radius/NEWS
ViewVC logotype

Diff of /radius/NEWS

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch 

--- radius/NEWS	2003/12/24 16:08:29	1.67
+++ radius/NEWS	2004/09/15 12:55:17	1.89
@@ -1,8 +1,167 @@
-GNU Radius NEWS -- history of user-visible changes. 2003-12-08
-Copyright (C) 2002,2003 Free Software Foundation, Inc.
+GNU Radius NEWS -- history of user-visible changes. 2004-09-15
+Copyright (C) 2002,2003,2004 Free Software Foundation, Inc.
 See the end of file for copying conditions.
 
 Please send radius bug reports to <bug-gnu-radius@gnu.org>
+^L
+Version 1.2.94:
+
+* Important compatibility note.
+
+Previous versions of GNU Radius were silently adding an NAS-IP-Address
+attribute/value pair to any requests lacking it. Whereas such behavior
+is sometimes useful, it is not always needed. Therefore, the new
+version of GNU Radius does not automatically add this attribute.
+Instead, a rewrite rule is provided for this purpose. The default
+raddb/hints file is shipped with this rule enabled. If you are
+upgrading from a previously installed version of GNU Radius, you might
+wish to add the following rule to the very beginning of your
+'raddb/hints':
+
+  DEFAULT Rewrite-Function = restore_nas_ip
+          Fall-Through = Yes
+
+If you chose to do so, add the following statement to the "rewrite"
+section of 'raddb/config':
+	  
+	load "nas-ip.rw";
+
+* radiusd
+
+** New constructs in dictionary file
+
+*** BEGIN VENDOR blocks.
+
+These simplify declaration of vendor-specific attributes. Instead of
+explicitely specifying vendor name for each VSA, you can enclose all
+related declarations in BEGIN VENDOR statement:
+
+ BEGIN VENDOR Unix 4
+ ....
+ END
+
+An alternative form BEGIN-VENDOR ... END-VENDOR is supported for
+compatibility with FreeRadius
+ 
+*** Specifying - (dash) for non-VSA attributes that have syntax flags
+specifications is no longer obligatory.
+
+** Improved checking for multiple logins. Previous versions relied entirely
+on the contents of /var/log/radutmp file. Starting at this version,
+radiusd offers at least two methods of checking for multiple logins:
+using the traditional radutmp file and using the SQL database. New
+keywords has been added to the sqlserver file that declare the SQL
+queries to be used when retrieving information about currently
+active sessions.
+
+More methods of checking will be added in future versions.
+
+** New methods of querying the NASes about active user sessions: using
+guile function and using an external program.
+
+** When an unsupported authentication type is requested, radiusd first
+checks if an extension Scheme module is provided that handles that
+authentication type. If such module is found, it is invoked to handle
+the authentication.
+
+** System accounting can be turned off by specifying `system no;' in
+`acct' section of raddb/config. 
+
+** New configuration statement 'load-module' allows to load arbitrary
+Scheme modules.
+
+** The file names of detailed log files are configurable via `detail-file-name'
+statements in `auth' and `acct' sections of raddb/config.
+
+** Support for Guile versions prior to 1.6 has been withdrawn.
+
+** Implemented support for locking user accounts based on the number
+of authentication failures:
+
+*** New attribute Auth-Failure-Trigger specifies an external program or
+a Scheme expression to be run upon an authentication failure. It can
+update failure counts that subsequently will be used by
+Exec-Program-Wait or Scheme-Procedure.
+
+*** New keywords auth_success_query and auth_failure_query set 
+SQL queries to be executed upon authentication success and failure,
+respectively. These may maintain failure counts, that can be
+used by group_query to control the authentication.
+
+** Rewrite-Function attributes are handled uniformly in hints and
+huntgroups. First, the Rewrite-Function attributes from the RHS list
+are processed, then the ones from the LHS list. Notice, that in
+contrast with the previous versions, any number of Rewrite-Function
+attributes is allowed in both lists.
+
+* SQL support has been modified to use dynamic loading. This allows
+for easy integration of third-party SQL drivers. All existing SQL
+drivers are now built as loadable modules on systems that support
+dynamic loading. You may still compile them statically by giving
+--disable-shared option to configure.
+
+* Rewrite language
+
+** Added i18n support
+
+** New built-in functions:
+
+*** Functions to access internal fields of a RADIUS request.
+*** Interfaces to the Radius NAS database (raddb/naslist).
+*** Interfaces to DNS lookup functions.
+
+* libgnuradius
+
+This is a library of functions for creation, handling and sending
+requests using RADIUS protocol.
+
+All programs have been rewritten to link with libgnuradius. On most
+sites this will mean linking against a shared library, which will
+reduce the size of the executables.
+
+* gnuradius.scm
+
+This is a guile module allowing to use libgnuradius functions. It
+supersedes radscm program, which has been removed.
+
+* Radtest
+
+The utility is rewritten from scratch. Now it provides a simple yet
+powerful scripting language useful for writing RADIUS client applications.
+
+* New contributions added to contrib/ directory:
+
+ php                A php module for interfacing with Radius
+ passcvt            Converts system password database to Radius SQL
+		    table on systems with shadow password file (e.g.
+		    GNU/Linux)
+ passwd_to_db 	    Converts system password database to Radius SQL
+		    table on Free-BSD	     
+ radsend	    Simplified interface to radtest utility
+
+See README files in corresponding directories. 
+
+* Testsuite rewritten in autotest. This allows to run it on almost
+any platform.
+
+* Bugfixes
+
+** Allow to omit port numbers in `listen' statements (raddb/config), as
+described in the documentation.
+    
+** Fixed several inconsistencies in parsing Ascend-Data-Filter and
+Ascend-Call-Filter attributes.
+
+** Fixed bugs in SNMP library (CAN-2004-0849)
+
+** Do not use descriptors 0 and 1 for interprocess communications since
+user-defined procedures and/or libraries may attempt to write to
+stdout and thus interfere in the communication.
+
+** Fixed 'forward' statement in `acct' block. It was incorrectly
+enabling forwarding of authentication requests, instead of accounting
+ones.
+
 
 Version 1.2:
 
@@ -1041,7 +1200,7 @@ be told the ways of handling them withou
 =========================================================================
 Copyright information:
 
-Copyright (C) 2002 Free Software Foundation, Inc.
+Copyright (C) 2002,2003,2004 Free Software Foundation, Inc.
 
    Permission is granted to anyone to make or distribute verbatim copies
    of this document as received, in any medium, provided that the
 
savannah-hackers-public@gnu.org
 ViewVC Help
Powered by ViewVC 1.1.26