diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2015-08-03 04:19:26 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2015-08-03 04:19:26 +0000 |
| commit | 0214b0dfa6aeb5b640f1039954f72d75d8ac306d (patch) | |
| tree | 03fa7cda5ff727ccce90e8e8fc7a499fb581560c /etc | |
| parent | 8a0309d6a6453f010fb63b21dbee60b984eccd45 (diff) | |
Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
to hook the rc script and modify etc/rc.conf to make it disable by
default. Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Makefile | 6 | ||||
| -rw-r--r-- | etc/changelist | 3 | ||||
| -rw-r--r-- | etc/examples/radiusd.conf | 26 | ||||
| -rw-r--r-- | etc/mtree/special | 3 | ||||
| -rw-r--r-- | etc/rc | 4 | ||||
| -rw-r--r-- | etc/rc.conf | 3 | ||||
| -rw-r--r-- | etc/rc.d/radiusd | 11 |
7 files changed, 48 insertions, 8 deletions
diff --git a/etc/Makefile b/etc/Makefile index 11596fa6ed5..502c5bf05bc 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.404 2015/07/03 22:05:53 millert Exp $ +# $OpenBSD: Makefile,v 1.405 2015/08/03 04:19:25 yasuoka Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -47,8 +47,8 @@ EXAMPLES+= wsconsctl.conf # -rw------- EXAMPLES_600=bgpd.conf dvmrpd.conf hostapd.conf iked.conf ipsec.conf \ - ldapd.conf ldpd.conf ospf6d.conf ospfd.conf pf.conf rc.local \ - rc.securelevel rc.shutdown relayd.conf ripd.conf \ + ldapd.conf ldpd.conf ospf6d.conf ospfd.conf pf.conf radiusd.conf \ + rc.local rc.securelevel rc.shutdown relayd.conf ripd.conf \ sasyncd.conf snmpd.conf ypldap.conf # -r-xr-xr-x diff --git a/etc/changelist b/etc/changelist index 4d380850d62..f1cbc93c6f1 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.107 2015/07/23 14:49:10 sthen Exp $ +# $OpenBSD: changelist,v 1.108 2015/08/03 04:19:25 yasuoka Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -90,6 +90,7 @@ /etc/profile /etc/protocols +/etc/pwd.db ++/etc/radiusd.conf /etc/rbootd.conf /etc/rc /etc/rc.conf diff --git a/etc/examples/radiusd.conf b/etc/examples/radiusd.conf new file mode 100644 index 00000000000..63b949900a4 --- /dev/null +++ b/etc/examples/radiusd.conf @@ -0,0 +1,26 @@ +# $OpenBSD: radiusd.conf,v 1.1 2015/08/03 04:19:25 yasuoka Exp $ + +listen on 0.0.0.0 +#listen on :: + +client 127.0.0.1/32 { + secret "secret" +} +client 192.168.0.0/24 { + secret "secret" + msgauth-required yes +} + +module load bsdauth "/usr/libexec/radiusd/radiusd_bsdauth" +module set bsdauth restrict-group operator + +module load radius "/usr/libexec/radiusd/radiusd_radius" +module set radius "secret" "testing123" +module set radius "server" "127.0.0.1" + +authenticate *@local { + authenticate-by bsdauth +} +authenticate *@example.com { + authenticate-by radius +} diff --git a/etc/mtree/special b/etc/mtree/special index 6061c52dde5..e891a8b010e 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.114 2015/07/23 14:49:10 sthen Exp $ +# $OpenBSD: special,v 1.115 2015/08/03 04:19:25 yasuoka Exp $ # # Hand-crafted mtree specification for the dangerous files. # @@ -75,6 +75,7 @@ ospf6d.conf type=file mode=0600 uname=root gname=wheel optional passwd type=file mode=0644 uname=root gname=wheel pf.conf type=file mode=0600 uname=root gname=wheel optional printcap type=file mode=0644 uname=root gname=wheel optional +radiusd.conf type=file mode=0600 uname=root gname=wheel optional rc type=file mode=0644 uname=root gname=wheel rc.conf type=file mode=0644 uname=root gname=wheel rc.conf.local type=file mode=0644 uname=root gname=wheel optional @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.454 2015/07/20 06:59:39 rpe Exp $ +# $OpenBSD: rc,v 1.455 2015/08/03 04:19:25 yasuoka Exp $ # System startup script run by init on autoboot or after single-user. # Output and error are redirected to console by init, and the console is the @@ -494,7 +494,7 @@ echo 'preserving editor files.'; /usr/libexec/vi.recover echo -n 'starting network daemons:' start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated -start_daemon relayd dhcpd dhcrelay mrouted dvmrpd +start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd if ifconfig lo0 inet6 >/dev/null 2>&1; then fw=`sysctl -n net.inet6.ip6.forwarding` diff --git a/etc/rc.conf b/etc/rc.conf index c4c7ca46bde..ac2f3ffe659 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -1,4 +1,4 @@ -# $OpenBSD: rc.conf,v 1.203 2015/05/18 13:48:38 deraadt Exp $ +# $OpenBSD: rc.conf,v 1.204 2015/08/03 04:19:25 yasuoka Exp $ # DO NOT EDIT THIS FILE!! # @@ -44,6 +44,7 @@ ntpd_flags= ospfd_flags=NO ospf6d_flags=NO pflogd_flags= # add more flags, e.g. "-s 256" +radiusd_flags=NO rarpd_flags=NO rbootd_flags=NO relayd_flags=NO diff --git a/etc/rc.d/radiusd b/etc/rc.d/radiusd new file mode 100644 index 00000000000..769af3823fa --- /dev/null +++ b/etc/rc.d/radiusd @@ -0,0 +1,11 @@ +#!/bin/sh +# +# $OpenBSD: radiusd,v 1.1 2015/08/03 04:19:25 yasuoka Exp $ + +daemon="/usr/sbin/radiusd" + +. /etc/rc.d/rc.subr + +rc_reload=NO + +rc_cmd $1 |