Please see the INSTALL file for installation details.


Changes in Merit Version 2.4.23

1) modified forward_to_realm() in las.misc.c to understand DEFAULT entry

2) recognize DAC and SHP huntgroup variants in version string

3) added SHP AATV support and allow for HGAS sub-AATV support

4) added parsing of "requestor" in huntgroups file

5) add temporary Ascend hacks

6) revamp and enhance session logging

7) added several "utility" AATVs for NAK, WAIT, logging, etc.

8) added new functions authtype_toa(), avpair_vtoa(), dumpit(), hex_dump(),
   and missing_attribute() to funcs.c

9) fprint_attr_val() is now in funcs.c

10) fixed email-user() so it doesn't affect HP-UX 10.x users

11) time remaining fix for IP address collisions

12) log FMS table parse errors to the logfile instead of the radius.debug file


Changes in Merit Version 2.4.22

1) add proxy field to event structure to handle Proxy-Action in FSM table

2) state_machine() and rad_recv() now use proxy EV union

3) redo experimental attribute range and add Service-Class and Port-Entry

4) add new function find_auth_ent() in users.c

5) clean up the duplicate detection logic in is_dup_req()

6) add LAS and HGAS changes for LAS synchronizing and session logging

7) rad_recv() passes Forwarding packets onto the state machine

8) add SIGINT to signal blocking mask in the engine

9) save old sequence number and redo tests at beginning of is_dup_request()

10) redo initialization of lport/llport and aport/aaport in radiusd.c

11) added "-v" option to radcheck(8) and radpwtst(8)

12) redid core dumping logic in sig_fatal()

13) added gdbm support to LAS code

14) added some cleanup in the Makefile


Changes in Merit Version 2.4.21

1) Change several string fields in authreq structure to just use pointers

2) Allow for suppressing of logging duplicates in hold state

3) Reworked HGAS which now honors tokens and other efficiency changes

4) Fix a bug in sendserver.c which caused test clients to dump core

5) Fix a compile time error in save_tokenpool_usage() for BSDi 2.0.1 (LAS)

6) Do NULL argument checking in good_ipaddr()

7) The -z option now renames existing logfiles as logfile.old

8) Fix two Linux compile time errors in sesstab.c and rad.las.c

9) Fix the fix in 2.4.20 to flush the log stream when child process exits

10) Spring cleaning after gcc -Wall

11) Change to las.fsm to support Simultaneous-Use when not part of MichNet

12) Add CHK_SHELLS guard around /etc/shells checking code in authenticate.c

13) Fix bug in pack_string() and unpack_string() in LAS to prevent crashes

14) Make lasrecord Perl script work with Perl 4

15) Assume session connected in rad_las_action() when using LAS_NO_HGAS

16) Changes to radcheck and HGAS for time remaining handling

17) Change built-in FSM table to allow for both "real" and LAS authentication

18) Changes to HGAS for repeated authentication

19) Aged logfile now has version stamp and uptime along with PID and timestamp


Changes in Merit Version 2.4.20

1) Prevent freezing of logging stream when server receives HUP signal

2) Remember to flush the log stream when child process exits

3) Properly match action on request queue event list in rad_2rad_recv()

4) Do not truncate logfile in debug mode

5) Allow truncation of arbitrary files

6) For OSF/1 place call to set_auth_parameters() early in mainline

7) Changes to the dictionary to support DRAFT 01 RADIUS RFC

8) Changes to allow proper function without the Service-Type attribute

9) New display utility for the LAS session.las current user status file

10) New display utility for the LAS record.las accounting file(s)


Changes in Merit Version 2.4.19

1) Make changes to conform with both RADIUS 01 DRAFT RFCs

2) Several changes in HGAS (e.g., rewrite read_huntgroups() function)

3) Moved DNS IPC code into engine from users.c

4) Correct LAS for Simultaneous-Use for non-realm installations

5) Initialize loop control variable in mail engine loop

6) Document allowing NULL realm in realms.las configuration file


Changes in Merit Version 2.4.18

1) HGAS code does less logging now


Changes in Merit Version 2.4.17

1) fix bug in built-in FSM in fsm.c allowing it to handle proxy requests

2)


Changes in Merit Version 2.4.16

1) fix bug in HGAS code preventing assigning a port

2) fix bug in trunc_logfile() routine when compressing logfiles


Changes in Merit Version 2.4.15

1) fix bug in LAS allowing group accessIDs in users file to work with
   only an entry in realms.las file


Changes in Merit Version 2.4.14

1) fix bug in LAS code for not clearing malloc'd memory


Changes in Merit Version 2.4.13

1) document the new style output in radcheck man page

2)


Changes in Merit Version 2.4.12

1) minor document changes to radiusd and radpwtst man pages

2) minor Makefile changes for Solaris


Changes in Merit Version 2.4.11

1) be consistent with whitespace in parsing users file

2) add DEFAULT capability to FILE type authentication

3) add separate config-install and util-install targets to Makefile

4) back-to-back users file entries (w/out whitespace separation) now parse ok

5) allow the Makefile to override serveral manifest constants: RADIUS_DIR,
   RADACCT_DIR, DEFAULT_DIR, DEFAULT_DIR2, DEFAULT_SERVER,
   DEFAULT_RADIUS_SERVER and DEFAULT_TACACS_SERVER

6) correct (man pages) radiusd.8 and radpwtst.8 (document "-i" and "-l" flags)

7) add NetBSD stuff into the mix

8) make OSF/1 changes to install targets in Makefile


Changes in Merit Version 2.4.10

1) minor fixes to the Makefile (not separate config-install target yet)

2) fix rcsid in builddbm.c

3) correct logging of Acct-Status-Type for Accounting-Requests

4) added protection against mis-configured authfiles (i.e., missing AATVs)

5) allow the RADIUS_COMPRESS #define to be overridden from the Makefile

6) fix file_pass() in rad.file.c to plug an authentication loophole

7) radpwtst now sends Accounting-Requests (-c 4) on UDP port 1646

8) correct radiusd.8 (the man page) in the /etc/services example


Changes in Merit Version 2.4.7

1) Fixed a bug in state_machine() for proper handling of Access-Challenge

2) Fixed uninitialized variable in read_auth() which caused SVR4 failures

3) Reset the maximum queue size variables upon receipt of a HUP signal


Changes in Merit Version 2.4.6

1) Logging of accounting responses now includes Acct-Status-Type information

2) Version output includes "ultrix" string on Ultrix systems


Changes in Merit Version 2.4.5

1) Added SGI support

2) Corrected bug in reconfig()

3) Corrected bug when syslog is selected on command line

4) Most calls to strtok() which use \n now take \r in addition

5) Status-Server requests now display LAS token dated high water marks

6) Several bugs with DBM and NDBM support were fixed

7) Several BSDi and Linux bugs were fixed

8) The Authentication-Type attribute is now recognized in FILE type realm files


Changes in Merit Version 2.4

1) added code to protect the server from problems in the DNS

2) fix a bug in get_state() when the Proxy-State is the first a/v pair

3) minor changes to reply text for Access-Reject messages

4) changes to install target and BSDi/FreeBSD paragraph in Makefile

5) replace reply_messge() with reply_sprintf() in funcs.c

6) version string now lives in conf.h

7) removed oddity with dummy.c file and HUNTGROUP stuff moved out of users.c

8) allow for long (64 character) prefix names

9) added fixes to handle old style syslog(3) seen in Ultrix 4.2/4.3

10) allow both "x" and "*" forms of shadow passwords

11) use modern sigaction(3) calls in place of older signal(3) function calls

12) added diffs from Joe Capo for ndbm(3) support in BSDi (and FreeBSD?)

13) cleaned up makefile support for AIX and SCO and added an HP-UX paragraph

14) added support for all eight Service-Types so they may appear in users file


Changes in Merit Version 2.3

1) corrected serious memory leak problem

2) allow for return of a/v pairs in Access-Reject proxy replies

3) added code to detect and log potential looping behaviour in proxy servers

4) added code to require passwords in Authenticate-Only requests

5) timeout_action() now logs state from which it occurred

6) added global config file counts, version and queue size to MGT poll

7) correct boundary condition bug with maximal length User-Passwords

8) clarify Makefile and correct typo preventing build of utilities

9) a/v pair dumping in debug mode now goes to debug file

10) radpwtst now handles passwords up to sixteen characters long

11) added compile time option to select either weekly or daily log file archive

12) added FreeBSD diffs (not tested)

13) fixed byte ordering problem in sendto() in TACACS client code

14) added -c (for change working directory) option to engine

15) added code to verify AATV names are unique

16) put the PID at the beginning of the line in the radiusd.pid file

17) sending the TERM signal to the server performs an orderly shutdown

18) sending the INT signal to the server calls all AATV init() functions

19) added vendor independent a/v pair pruning to ease multi-platform use


Changes in Merit Version 2.2

1) minor bug fix for duplicate detection

2) added support for Solaris 2.x (acutally SVR4) signal() handling


Changes in Merit Version 2.1

1) minor documentation changes in several files

2) fix to bug preventing Alpha/OSF (and other little endian) servers from
   working under the control of inetd(8)


Changes in Merit Version 2.0

1) added finite state machine support with built-in default action table

2) added support for STATUS_SERVER (MGT_POLL) requests

3) lots of cleanup and modularization

4) added support for syslog (in addition to logfile) logging

5) multi-level debugging output supported with (one or more) -x option(s)

6) added SIGUSR1 and SIGUSR2 style debugging control a la BIND/named

7) SIGTERM forces AATV initialization (usually reads configuration info)

8) added support for logfile aging (unlink, rename and compress at midnight)

9) several new support functions have been added to the funcs.c file

10) support for encrypted passwords in both "users" and "FILE" (realm) files


Changes in Merit Version 1.18

1) added AATV support

2) added Authentication-Type "file"

3) added Livingston 1.16 sytle accounting support

4) configuration file aging (stat config files on every MGT_POLL)


Changes in Merit Version 1.17

1) added Glenn McGregor's BSDi diffs

2) compiled and tested on BSDi, Sun, Ultrix, and AIX

3) changed the way the Makefile works

4) added ANSI function protytpe declarations

5) added U of M and Merit copyright to selected (Merit created/changed) files

6) radcheck and radpwtst now support -x (debug) option


Changes in Merit Version 1.16

1) removed DEFAULT_DOMAIN -- allow optional NULL entry in authfile

2) fixed bug in find_client call to update_client

3) users file no longer requires use of "<xxx>user" entries

4) added support for TACACS authentication

5) enable protocol type specific user name matching

6) allow specification of aliases and protocols on authfile entries

7) config_files now handles systems with multiple IP addresses

8) allow for all protocol types to be specified as Authentication-Type values

9) allow Authentication-Type = Radius in users, uses DEFAULT entry in authfile


Changes in Merit Version 1.10

1) added DEFAULT_DOMAIN

2) fix hole in Kerberos authentication

3) radius_pass now prints host's IP address in non-blocking and blocking code

4) fixed bug in find_client call to update_client


Changes in Merit Version 1.9

1) add #ifdef KERBEROS around the sigaddset call in radiusd.c for SIGCHLD

2) add IP address aging in find_client (in users.c)

4) add code to reset config_flag to zero in main BLOCKING while loop (radiusd.c)

5) if no /etc/shells file (auth_fun.c), then call getusershell(3)

6) add MIT Kerberos support

7) add KCHAP support

8) added logging of process id and version number in logfile
