I'm happy to announce that after a long while, a new version of FreeRADIUS has been release. See http://www.freeradius.org for a link to the tar file and signature. ChangeLog: Feature improvements * rlm_ldap has "set_auth_type" configuration option, which should address some configuration problems when using it. * Fix MIT Kerberos bug * Modules can be load balanced, both in isolation and redundantly. See doc/load-balance.txt for more information. * rlm_perl is now marked "stable" * N-tier certificate patch from Mohammed Petiwala. * Copied dictionaries from the CVS head (many, many, more vendors) * Enabled support for weird VSA formats, like Lucent and Starent. * Support encrypted IP address and integers, for Juniper clients. * Add PEAP machine authentication support in module "rlm_mschap". * Support User-Password field encryption in digest mode. * rlm_x99_token has become rlm_otp (with lots of changes). * Add rlm_sqlcounter to the list of stable modules. * Read MySQL specific options in sections [freeradius] and [client] from file "my.cnf". * Support the ${Cisco-AVPair[n]} syntax. * Execute modules in {Pre,Post}-Proxy-Type stanzas. * Add new options to radclient to run stress tests on the server. * New module "rlm_sql_log" to postpone the storage of accounting data in a SQL database. See rlm_sql_log(5) manpage. * New program "radsqlrelay" which sends the SQL logfile according to the SQL server's capabilities. Bug fixes * #306 (HUP when built with threads, but executed with -s) * #285 (more attributes in dictionary.cisco.vpn3000) * rlm_digest has a number of bug fixes to authentication types. * Don't leak memory in module "rlm_sql". * Update the dictionaries, so that VALUEs with the same name, but different numbers, aren't allowed. * Queue the request before looking for available threads. * Don't free the check items after we received the proxy reply. * Expand config variables in included files, too. * Check the return value of accounting modules and don't proxy invalid requests. * In rlm_passwd, don't close a file stream more than once. * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic. * Walk the whole string in when escaping strings in rlm_ldap. * Include crypt.h if it is available so we get a prototype for crypt(), spotted by Konstantin Kubatkin. * Removed (for almost all uses) length restrictions on vendor names and VALUE names. * Don't leak memory when proxying an Access-Challenge response. * Make the sleep time user-defined, so radrelay can send more than 7 requests/s. * Fix a memory leak in rlm_checkval. * radclient doesn't resend countless times packets with invalid signature. * Fix segfault and mem leak in rlm_pam. Alan DeKok.