aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Wilke <nachtfalkeaw[@]web.de>2012-01-29 21:16:51 +0100
committerAlexander Wilke <nachtfalkeaw[@]web.de>2012-01-29 21:16:51 +0100
commitd6ee7e066c25bda27f7b50cb931fe1b98be9dc5c (patch)
tree92a01a9723ec93a751e91625ea075185d745e322
parenta2b11330ee9ae8be632f59126ca8b4674ea792fd (diff)
downloadpfsense-packages-d6ee7e066c25bda27f7b50cb931fe1b98be9dc5c.tar.gz
pfsense-packages-d6ee7e066c25bda27f7b50cb931fe1b98be9dc5c.tar.bz2
pfsense-packages-d6ee7e066c25bda27f7b50cb931fe1b98be9dc5c.zip
Update config/freeradius2/freeradiuseapconf.xml
-rw-r--r--config/freeradius2/freeradiuseapconf.xml18
1 files changed, 8 insertions, 10 deletions
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index e84f7fbc..b5358c37 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -102,9 +102,15 @@
<type>listtopic</type>
</field>
<field>
+ <fielddescr>Disable weak EAP types</fielddescr>
+ <fieldname>vareapconfdisableweakeaptypes</fieldname>
+ <description><![CDATA[Here you disable the weak EAP types MD5, GTC and LEAP. You should do this if you want that only stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Default EAP Type</fielddescr>
<fieldname>vareapconfdefaulteaptype</fieldname>
- <description><![CDATA[Invoke the default supported EAP type when EAP-Identity response is received. (Default: md5)]]></description>
+ <description><![CDATA[Invoke the default supported EAP type when EAP-Identity response is received. If you disabled the weak EAP types you must not select here MD5. Try PEAP. (Default: md5)]]></description>
<type>select</type>
<default_value>md5</default_value>
<options>
@@ -114,7 +120,6 @@
<option><name>TLS</name><value>tls</value></option>
<option><name>TTLS</name><value>ttls</value></option>
<option><name>PEAP</name><value>peap</value></option>
- <option><name>MSCHAP</name><value>mschap</value></option>
<option><name>MSCHAPv2</name><value>mschapv2</value></option>
</options>
</field>
@@ -159,14 +164,13 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Choose your Cert Manager</fielddescr>
+ <fielddescr>Choose pfSense Cert-Manager</fielddescr>
<fieldname>vareapconfchoosecertmanager</fieldname>
<description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br>
To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br>
<b>uncheked</b>: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)<br>
<b>cheked</b>: pfSense Cert-Manager (recommended)]]></description>
<type>checkbox</type>
- <default_value>radiuscertmgr</default_value>
<enablefields>ssl_ca_cert,ssl_server_cert,vareapconfenableclientp12</enablefields>
</field>
<field>
@@ -370,9 +374,6 @@
<option><name>GTC</name><value>gtc</value></option>
<option><name>OTP</name><value>otp</value></option>
<option><name>TLS</name><value>tls</value></option>
- <option><name>PAP</name><value>pap</value></option>
- <option><name>CHAP</name><value>chap</value></option>
- <option><name>MSCHAP</name><value>mschap</value></option>
<option><name>MSCHAPv2</name><value>mschapv2</value></option>
</options>
</field>
@@ -425,9 +426,6 @@
<option><name>GTC</name><value>gtc</value></option>
<option><name>OTP</name><value>otp</value></option>
<option><name>TLS</name><value>tls</value></option>
- <option><name>PAP</name><value>pap</value></option>
- <option><name>CHAP</name><value>chap</value></option>
- <option><name>MSCHAP</name><value>mschap</value></option>
<option><name>MSCHAPv2</name><value>mschapv2</value></option>
</options>
</field>