Parent Directory | Revision Log | Patch
--- radius/NEWS 2003/12/24 16:08:29 1.67 +++ radius/NEWS 2004/09/15 12:55:17 1.89 @@ -1,8 +1,167 @@ -GNU Radius NEWS -- history of user-visible changes. 2003-12-08 -Copyright (C) 2002,2003 Free Software Foundation, Inc. +GNU Radius NEWS -- history of user-visible changes. 2004-09-15 +Copyright (C) 2002,2003,2004 Free Software Foundation, Inc. See the end of file for copying conditions. Please send radius bug reports to <bug-gnu-radius@gnu.org> +^L +Version 1.2.94: + +* Important compatibility note. + +Previous versions of GNU Radius were silently adding an NAS-IP-Address +attribute/value pair to any requests lacking it. Whereas such behavior +is sometimes useful, it is not always needed. Therefore, the new +version of GNU Radius does not automatically add this attribute. +Instead, a rewrite rule is provided for this purpose. The default +raddb/hints file is shipped with this rule enabled. If you are +upgrading from a previously installed version of GNU Radius, you might +wish to add the following rule to the very beginning of your +'raddb/hints': + + DEFAULT Rewrite-Function = restore_nas_ip + Fall-Through = Yes + +If you chose to do so, add the following statement to the "rewrite" +section of 'raddb/config': + + load "nas-ip.rw"; + +* radiusd + +** New constructs in dictionary file + +*** BEGIN VENDOR blocks. + +These simplify declaration of vendor-specific attributes. Instead of +explicitely specifying vendor name for each VSA, you can enclose all +related declarations in BEGIN VENDOR statement: + + BEGIN VENDOR Unix 4 + .... + END + +An alternative form BEGIN-VENDOR ... END-VENDOR is supported for +compatibility with FreeRadius + +*** Specifying - (dash) for non-VSA attributes that have syntax flags +specifications is no longer obligatory. + +** Improved checking for multiple logins. Previous versions relied entirely +on the contents of /var/log/radutmp file. Starting at this version, +radiusd offers at least two methods of checking for multiple logins: +using the traditional radutmp file and using the SQL database. New +keywords has been added to the sqlserver file that declare the SQL +queries to be used when retrieving information about currently +active sessions. + +More methods of checking will be added in future versions. + +** New methods of querying the NASes about active user sessions: using +guile function and using an external program. + +** When an unsupported authentication type is requested, radiusd first +checks if an extension Scheme module is provided that handles that +authentication type. If such module is found, it is invoked to handle +the authentication. + +** System accounting can be turned off by specifying `system no;' in +`acct' section of raddb/config. + +** New configuration statement 'load-module' allows to load arbitrary +Scheme modules. + +** The file names of detailed log files are configurable via `detail-file-name' +statements in `auth' and `acct' sections of raddb/config. + +** Support for Guile versions prior to 1.6 has been withdrawn. + +** Implemented support for locking user accounts based on the number +of authentication failures: + +*** New attribute Auth-Failure-Trigger specifies an external program or +a Scheme expression to be run upon an authentication failure. It can +update failure counts that subsequently will be used by +Exec-Program-Wait or Scheme-Procedure. + +*** New keywords auth_success_query and auth_failure_query set +SQL queries to be executed upon authentication success and failure, +respectively. These may maintain failure counts, that can be +used by group_query to control the authentication. + +** Rewrite-Function attributes are handled uniformly in hints and +huntgroups. First, the Rewrite-Function attributes from the RHS list +are processed, then the ones from the LHS list. Notice, that in +contrast with the previous versions, any number of Rewrite-Function +attributes is allowed in both lists. + +* SQL support has been modified to use dynamic loading. This allows +for easy integration of third-party SQL drivers. All existing SQL +drivers are now built as loadable modules on systems that support +dynamic loading. You may still compile them statically by giving +--disable-shared option to configure. + +* Rewrite language + +** Added i18n support + +** New built-in functions: + +*** Functions to access internal fields of a RADIUS request. +*** Interfaces to the Radius NAS database (raddb/naslist). +*** Interfaces to DNS lookup functions. + +* libgnuradius + +This is a library of functions for creation, handling and sending +requests using RADIUS protocol. + +All programs have been rewritten to link with libgnuradius. On most +sites this will mean linking against a shared library, which will +reduce the size of the executables. + +* gnuradius.scm + +This is a guile module allowing to use libgnuradius functions. It +supersedes radscm program, which has been removed. + +* Radtest + +The utility is rewritten from scratch. Now it provides a simple yet +powerful scripting language useful for writing RADIUS client applications. + +* New contributions added to contrib/ directory: + + php A php module for interfacing with Radius + passcvt Converts system password database to Radius SQL + table on systems with shadow password file (e.g. + GNU/Linux) + passwd_to_db Converts system password database to Radius SQL + table on Free-BSD + radsend Simplified interface to radtest utility + +See README files in corresponding directories. + +* Testsuite rewritten in autotest. This allows to run it on almost +any platform. + +* Bugfixes + +** Allow to omit port numbers in `listen' statements (raddb/config), as +described in the documentation. + +** Fixed several inconsistencies in parsing Ascend-Data-Filter and +Ascend-Call-Filter attributes. + +** Fixed bugs in SNMP library (CAN-2004-0849) + +** Do not use descriptors 0 and 1 for interprocess communications since +user-defined procedures and/or libraries may attempt to write to +stdout and thus interfere in the communication. + +** Fixed 'forward' statement in `acct' block. It was incorrectly +enabling forwarding of authentication requests, instead of accounting +ones. + Version 1.2: @@ -1041,7 +1200,7 @@ be told the ways of handling them withou ========================================================================= Copyright information: -Copyright (C) 2002 Free Software Foundation, Inc. +Copyright (C) 2002,2003,2004 Free Software Foundation, Inc. Permission is granted to anyone to make or distribute verbatim copies of this document as received, in any medium, provided that the
savannah-hackers-public@gnu.org | ViewVC Help |
Powered by ViewVC 1.1.26 |