(RADIATOR) Version 2.18.2 released

Mike McCauley mikem at open.com.au
Wed Aug 29 23:41:23 CDT 2001 

We are pleased to announce the release of Radiator version 2.18.3
This version provides a number of bug fixes and some new features.

As usual, the new version is available free of charge to current 
licensees from 
http://www.open.com.au/radiator/downloads/Radiator-2.18.3.tgz
or
http://www.open.com.au/radiator/downloads/Radiator-2.18.3-1.noarch.rpm

and to current evaluators from 
http://www.open.com.au/radiator/demo-downloads/Radiator-Demo-2.18.3.tgz
or
http://www.open.com.au/radiator/downloads/Radiator-Demo-2.18.3-1.noarch.rpm

An extract from the history file is attached


-----------------------------
Revision 2.18.3 (30/8/01) Significant new features, some bug fixes 

Added EAP support for OTP and MD5-Challenge, works with AuthBy OPIE
and any authentication database with plaintext passwords
(eg AuthBy FILE, AuthBy SQL, etc). Extensible mechanism in EAP.pm
permits new EAP protocols to be added.

Added support for improvements in RAdmin 1.5, including Service
Profiles and arbitrary per-user and per-service RADIUS check and reply
items. Caution: the default AuthSelect has changed.

Added beta version of AuthBy ACE, permitting authentication direct to
a SecureID ACE server, instead of proxying.  Certification by RSA is
still pending. Example goodies/ace.cfg is included. Requires
Authen-ACE4 perl module from Open System Consultants.

Default behaviour of Log SYSLOG and AuthLog SYSLOG changed to log via
unix sockets by default. This works correctly with more syslog
daemons. New parameter LogSock permits this to be changed.

Added new comand line argument -rawfile to radpwtst. 

SessionDatabase SQL DeleteQuery now has the column values of the
record to delete passed as %0 to %4.

Improvements to RPM packaging suggested by Gustav Foseid
(gustavf at initio.no)

Added AuthSQLStatement, similar to AcctSQLStatement: any number of SQL
statements that will run before authentication.  Patch provided by
(talist at vif.com). Thanks!

Performance improvements in tunnel password and mppe key encryption
and decryption.

All port parameters (eg AuthPort, AcctPort, Port, OutPort etc) may
contain special formatting characters. A typical use of special
formatting characters is with GlobalVar and command line arguments.

Fixes to AuthBy EMERALD so that if HonourDNISGroups is defined but
there is no DNIS in the request, or if HonourServerPortAccess is
defined, but there is no Nas-Port in the request, the constraints are
not applied.

Improvement to AuthBy LDAP2 so that illegal charcaters in a user name
wont cause disconnection from the LDAP server.  Identified and patched
by Carlos Canau (canau at keka.KPNQwest.pt)

Added support for group check items to AuthBy PAM, for PAM modules
that support the notion of a group (such as pam_teleid).

Loading database export files now works independently of the export
file was generated on Unix or Windows.

Logging of 'Handling with $type' now includes the Identifier of the
AuthBy moodule.

Added example code to goodies/asplog.txt: How to display Radiator SQL
accounting logs with an ASP/VB script. Contributed by
"Michael Audet" (audet at vectorcore.com) Thanks Michael! 

Fixed problem with AuthBy RODOPI that was broken by 2.18.1. 

Added support for Rcrypt reversibly encrypted passwords. Now your user
database can contain passwords that are reversibly encrypted with a
secret key. Radius::Rcrypt module provides encrypt and decrypt
routines that can be used by any other code.  Forthcoming version of
RAdmin will also support Rcrypt encryption.

Structural improvements to AuthGeneric, which allows some modules that
previously implemented their own handle_request to piggy-back off
AuthGeneric, saving lots of replicated code

Added CheckGroupServer and CheckGroup to AuthBy ADSI and AuthBy NT, so
that you can set a Class in the reply that depends on which NT group
the user is in.

Primary key violation in MySQL and unique constraint violation in
Oracle now does not cause disconnection.

Added example configuration file prepaid.cfg showing how to implement
a simple prepaid card system with an SQL database.

AuthLDAP* now handles multiple LDAP attributes for check, reply and
request AuthAttrDef. Multiple LDAP attribtues will be added as
multiple instances of the same Radius attribute. Contributed by Robert
Kiessling (Robert.Kiessling at de.easynet.net) Thanks Robert.

In AuthBy LDAP, HoldServerConnection worked in reverse to the correct
behaviour.

Added Global and per-Handler UsernameCharset allowing you to easily
specify what characters are permitted in a user name.

In AuthBy RADIUS, Host names for remote servers can now contain
special formatting characaters.

Added Acct-Input-Gigawords and Acct-Output-Gigawords to
dictionary. Reported by Bruno Tiago Rodrigues (bofh at netc.pt).

Improvements to sample Linux startup script. Now sources
/etc/sysconfig/radiator if present, so you can put config file name
and arguments there for preference. Suggested by Ted kandell
(tedk at encotone.com). Thanks Ted.

Added AuthLog SYSLOG, contributed by Carlos Canau
(Carlos.Canau at KPNQwest.pt). Thanks Carlos!

Added example hook to goodies/hooks.txt to extract special Cisco
format NAS-Port information.

Added Vendor-specific attribute Command-Code for Enterasys,
contributed by "Separovic, Jason"
              (jseparov at uecomm.com.au). Thanks Jason. 

Fixed a problem whre AuthBy UNIX or AuthBy FILE could fail to refresh
a file if it could temporarily be stat'd but not read.

Fixed a problem with Ascend binary filter attributes and UUnet: UUnet
would only let 24 byte filters through, and not the newer format 26
bytes (and larger) filters.

All file appends are now done by Util::append, which will facilitate
threading or piping of logging in the future.

Fixed a problem in ExcludeRegexFromPasswordLog 

Fixed Radius::unpack so that Vendor Specific Attributes that contain
multiple sub-attributes are unpacked correctly. Patch supplied by
Roland Rosenfeld (rrosenfeld at netcologne.de). Thanks Roland!

In radpwtst, Called-Station-Id and Calling-Station-Id are not sent if
-called_station_id or -calling_station_id are set to empty strings.

Fixed cosmetics in AddressAllocatorSQL ReclaimQuery, making 'state'
uppercase. Suggested by Carlos Canau (canau at keka.KPNQwest.pt).

Date formats recognised by Expiration and ValidFrom now include simple
integer Unix epoch dates. Documented all the valid date formats.

Added new pseudo check item ValidFrom that can specify the start of a
valid time range.

AddressAllocatorSQL FindQuery now supports special formatting
characters including those from the current packet.

RPM files are now 'noarch' instead of i386. 

Improvements to AuthBy LDAP2, contributed by Valentin Tumarkin
(tv at xpert.com). NoBindBeforeOp prevents binding before every search
operation. Added timeout on 'LDAP BIND' operation in 'sub bind'. Fixes
to properly close open LDAP connections after timeouts. Slightly more
verbose error messages. Works with perl-ldap-0.24. Thanks Valentin!

Timeouts have been generalised and moved to Util::exec_timeout. LDAP,
SQL and Finger now use it.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list