Commit 33d8503d authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Provide facility to enable/disable EAP types

parent 8b97e7cb
......@@ -67,6 +67,10 @@ define freeradius::module::eap (
Optional[Freeradius::Boolean] $peap_require_client_cert = undef,
Optional[Freeradius::Boolean] $mschapv2_send_error = undef,
Optional[String] $mschapv2_identity = undef,
Boolean $eap_md5 = true,
Boolean $eap_leap = true,
Boolean $eap_gtc = true,
Boolean $eap_peap = true,
) {
freeradius::module{$name:
......
......@@ -65,6 +65,7 @@ eap {
# Supported EAP-types
<%- if @eap_md5 -%>
#
# We do NOT recommend using EAP-MD5 authentication
# for wireless connections. It is insecure, and does
......@@ -72,6 +73,7 @@ eap {
#
md5 {
}
<%- end -%>
#
# EAP-pwd -- secure password-based authentication
......@@ -108,6 +110,7 @@ eap {
}
<%- end -%>
<%- if @eap_leap -%>
# Cisco LEAP
#
# We do not recommend using LEAP in new deployments. See:
......@@ -122,7 +125,9 @@ eap {
#
leap {
}
<%- end -%>
<%- if @eap_gtc -%>
# Generic Token Card.
#
# Currently, this is only permitted inside of EAP-TTLS,
......@@ -156,6 +161,7 @@ eap {
#
auth_type = <%= @gtc_auth_type %>
}
<%- end -%>
## Common TLS configuration for TLS-based EAP types
#
......@@ -755,7 +761,7 @@ eap {
<%- end -%>
}
<%- if @eap_peap -%>
## EAP-PEAP
#
......@@ -891,7 +897,8 @@ eap {
<%- if @peap_require_client_cert -%>
require_client_cert = <%= @peap_require_client_cert %>
<%- end -%>
}
}
<%- end -%>
#
# This takes no configuration.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment