Sophie: freeradius-3.0.20-1.mga7 armv7hl

freeradius-3.0.20-1.mga7.armv7hl.rpm

# -*- text -*-
######################################################################
#
#	Control socket interface.
#
#	In the future, we will add username/password checking for
#	connections to the control socket.  We will also add
#	command authorization, where the commands entered by the
#	administrator are run through a virtual server before
#	they are executed.
#
#	For now, anyone who has permission to connect to the socket
#	has nearly complete control over the server.  Be warned!
#
#	This functionality is NOT enabled by default.
#
#	See also the "radmin" program, which is used to communicate
#	with the server over the control socket.
#
#	$Id: 97ba9ef972539af80dcaf84090b55d991095a93e $
#
######################################################################
listen {
	#
	#  Listen on the control socket.
	#
	type = control

	#
	#  Socket location.
	#
	#  This file is created with the server's uid and gid.
	#  It's permissions are r/w for that user and group, and
	#  no permissions for "other" users.  These permissions form
	#  minimal security, and should not be relied on.
	#
	socket = ${run_dir}/${name}.sock

	#
	#  Peercred auth
	#
	#  By default the server users the peercred feature of unix
	#  sockets to get the UID and GID of the user connecting to
	#  the socket. You may choose to disable this functionality
	#  and rely on the file system for enforcing permissions.
	#
	#  On most Unix systems, the permissions set on the socket
	#  are not enforced, but the ones on the directory containing
	#  the socket are.
	#
	#  To use filesystem permissions you should create a new
	#  directory just to house the socket file, and set
	#  appropriate permissions on that.
	#
#	peercred = no
#	socket = ${run_dir}/control/${name}.sock

	#
	#  The following two parameters perform authentication and
	#  authorization of connections to the control socket.
	#
	#  If not set, then ANYONE can connect to the control socket,
	#  and have complete control over the server.  This is likely
	#  not what you want.
	#
	#  One, or both, of "uid" and "gid" should be set.  If set, the
	#  corresponding value is checked.  Unauthorized users result
	#  in an error message in the log file, and the connection is
	#  closed.
	#

	#
	#  Name of user that is allowed to connect to the control socket.
	#
#	uid = radius

	#
	#  Name of group that is allowed to connect to the control socket.
	#
#	gid = radius

	#
	#  Access mode.
	#
	#  This can be used to give *some* administrators access to
	#  monitor the system, but not to change it.
	#
	#	ro = read only access (default)
	#	rw = read/write access.
	#
#	mode = rw
}