eap2 {
                #  EAP types are chosen in the order that they are
                #  listed in this section.  There is no "default_eap_type"
                #  as with rlm_eap.  Instead, the *first* EAP type is
                #  used as the default type.
                #
                peap {
                }

               ttls {
              }

                psk {
                }

                #  This is the ONLY EAP type that has any configuration.
                #  All other EAP types have no configuration.
                #
                tls {
                        certdir = ${confdir}/certs
                        cadir = ${confdir}/certs

                        private_key_password = whatever
                        private_key_file = ${certdir}/server.pem
                        certificate_file = ${certdir}/server.pem
                        dh_file = ${certdir}/dh
                        random_file = ${certdir}/random
                         CA_path = ${cadir}
                        cipher_list = "DEFAULT"
                         make_cert_command = "${certdir}/bootstrap"
                         ecdh_curve = "prime256v1"
                cache {
                                enable = no

                              #
                              #  Lifetime of the cached entries, in hours.
                              #  The sessions will be deleted after this
                              #  time.
                              # lifetime = 24 # hours

                              #
                              #  The maximum number of entries in the
                              #  cache.  Set to "0" for "infinite".
                              #
                              #  This could be set to the number of users
                              #  who are logged in... which can be a LOT.
                              #
                              max_entries = 255
                        }
                                verify {
                        }
  ocsp {
                              #
                              #  Enable it.  The default is "no".
                              #  Deleting the entire "ocsp" subsection
                              #  Also disables ocsp checking
                              #enable = no

                              #
                              #  The OCSP Responder URL can be automatically
                              #  extracted from the certificate in question.
                              #  To override the OCSP Responder URL set
                              #  "override_cert_url = yes".
                              #
                              override_cert_url = yes

                              #
                              #  If the OCSP Responder address is not
                              #  extracted from the certificate, the
                              #  URL can be defined here.

                              #
                         url = "http://127.0.0.1/ocsp/"
}
}
                #
                #  These next two methods do not supply keying material.
                #
                md5 {
                }

                mschapv2 {
                }

                #  LEAP is NOT supported by this module.
                #  Use the "eap" module instead.

                #  For other methods that MIGHT work, see the
                #  configuration of hostap.  The methods are statically
                #  linked in at compile time, and cannot be controlled
                #  here.
        }

                                                              76,1          73%


 

