2 files changed, 32 insertions, 22 deletions

diff --git a/etc/examples/radiusd.conf b/etc/examples/radiusd.conf
index 63b949900a4..47f4064c738 100644
--- a/etc/examples/radiusd.conf
+++ b/etc/examples/radiusd.conf
@@ -1,4 +1,4 @@
-#	$OpenBSD: radiusd.conf,v 1.1 2015/08/03 04:19:25 yasuoka Exp $
+#	$OpenBSD: radiusd.conf,v 1.2 2019/04/01 09:40:16 yasuoka Exp $
 
 listen on 0.0.0.0
 #listen on ::
@@ -11,16 +11,16 @@ client 192.168.0.0/24 {
 	msgauth-required yes
 }
 
-module load bsdauth "/usr/libexec/radiusd/radiusd_bsdauth"
-module set bsdauth  restrict-group operator
+module load "bsdauth" "/usr/libexec/radiusd/radiusd_bsdauth"
+module set "bsdauth" "restrict-group" "operator"
 
-module load radius  "/usr/libexec/radiusd/radiusd_radius"
-module set radius "secret" "testing123"
-module set radius "server" "127.0.0.1"
+module load "radius"  "/usr/libexec/radiusd/radiusd_radius"
+module set "radius" "secret" "testing123"
+module set "radius" "server" "127.0.0.1"
 
 authenticate *@local {
-	authenticate-by bsdauth
+	authenticate-by "bsdauth"
 }
 authenticate *@example.com {
-	authenticate-by radius
+	authenticate-by "radius"
 }
diff --git a/usr.sbin/radiusd/radiusd.conf.5 b/usr.sbin/radiusd/radiusd.conf.5
index 90eff773a48..9237715d6be 100644
--- a/usr.sbin/radiusd/radiusd.conf.5
+++ b/usr.sbin/radiusd/radiusd.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: radiusd.conf.5,v 1.9 2019/04/01 09:25:14 yasuoka Exp $
+.\"	$OpenBSD: radiusd.conf.5,v 1.10 2019/04/01 09:40:16 yasuoka Exp $
 .\"
 .\" Copyright (c) 2014 Esdenera Networks GmbH
 .\" Copyright (c) 2014 Internet Initiative Japan Inc.
@@ -59,10 +59,11 @@ Message authentication is required if
 is specified.
 .El
 .It Ic module Ic load Ar name path
-Load module
-.Ar name
+Load a module
 from
-.Ar path .
+.Ar path
+and name it with the given
+.Ar name .
 The following modules are available:
 .Bl -column "/usr/libexec/radiusd/radiusd_bsdauthXXX"
 .It Sy "Path" Ta Sy "Description"
@@ -84,11 +85,20 @@ The
 .Dq radius
 module provides authentication from upstream RADIUS servers.
 .El
-.It Ic module Ic set Ar key Ar value ...
-Configure the module specific configuration by
+.It Ic module Ic set Ar module Ar key Ar value ...
+Configure the module specific configurations by
 .Ar key
 and
-.Ar value .
+.Ar value
+for the module specified by
+.Ar module .
+Notice that
+.Ar module ,
+.Ar key , and
+.Ar value
+must be quoted to be distinguished from the reserved word (eg.
+.Dq secret )
+if needed.
 .Pp
 The
 .Dq bsdauth
@@ -180,18 +190,18 @@ client 192.168.0.0/24 {
 	msgauth-required yes
 }
 
-module load bsdauth "/usr/libexec/radiusd/radiusd_bsdauth"
-module set bsdauth  restrict-group operator
+module load "bsdauth" "/usr/libexec/radiusd/radiusd_bsdauth"
+module set "bsdauth"  "restrict-group" "operator"
 
-module load radius  "/usr/libexec/radiusd/radiusd_radius"
-module set radius "secret" "testing123"
-module set radius "server" "127.0.0.1"
+module load "radius" "/usr/libexec/radiusd/radiusd_radius"
+module set "radius" "secret" "testing123"
+module set "radius" "server" "127.0.0.1"
 
 authenticate *@example.com {
-	authenticate-by radius
+	authenticate-by "radius"
 }
 authenticate * {
-	authenticate-by bsdauth
+	authenticate-by "bsdauth"
 }
 .Ed
 .Sh SEE ALSO