adva_user 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (95) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +17 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +22 -0
  5. data/README +114 -0
  6. data/README.md +29 -0
  7. data/Rakefile +2 -0
  8. data/adva_user.gemspec +17 -0
  9. data/app/controllers/admin/base_account_controller.rb +13 -0
  10. data/app/controllers/admin/users_controller.rb +95 -0
  11. data/app/controllers/password_controller.rb +36 -0
  12. data/app/controllers/session_controller.rb +30 -0
  13. data/app/helpers/users_helper.rb +27 -0
  14. data/app/models/account.rb +7 -0
  15. data/app/models/membership.rb +16 -0
  16. data/app/models/password_mailer.rb +43 -0
  17. data/app/models/user.rb +106 -0
  18. data/app/views/admin/users/_form.html.erb +29 -0
  19. data/app/views/admin/users/_sidebar.html.erb +8 -0
  20. data/app/views/admin/users/edit.html.erb +7 -0
  21. data/app/views/admin/users/index.html.erb +13 -0
  22. data/app/views/admin/users/new.html.erb +5 -0
  23. data/app/views/admin/users/show.html.erb +27 -0
  24. data/app/views/layouts/login.html.erb +24 -0
  25. data/app/views/password/edit.html.erb +14 -0
  26. data/app/views/password/new.html.erb +13 -0
  27. data/app/views/password_mailer/reset_password_email.html.erb +3 -0
  28. data/app/views/password_mailer/updated_password_email.html.erb +1 -0
  29. data/app/views/session/new.html.erb +17 -0
  30. data/config/initializers/menus.rb +25 -0
  31. data/config/routes.rb +14 -0
  32. data/db/migrate/20080402000001_create_users_table.rb +33 -0
  33. data/db/migrate/20080402000005_create_memberships_table.rb +13 -0
  34. data/db/migrate/20090625124502_create_accounts.rb +13 -0
  35. data/db/migrate/20090625133231_add_account_to_user.rb +10 -0
  36. data/lib/action_controller/authenticate_anonymous.rb +70 -0
  37. data/lib/action_controller/authenticate_user.rb +201 -0
  38. data/lib/active_record/belongs_to_author.rb +37 -0
  39. data/lib/adva_user.rb +28 -0
  40. data/lib/adva_user/version.rb +3 -0
  41. data/lib/login/helper_integration.rb +11 -0
  42. data/lib/login/mail_config.rb +39 -0
  43. data/test/contexts.rb +42 -0
  44. data/test/fixtures.rb +18 -0
  45. data/test/functional/admin/users_controller_test.rb +176 -0
  46. data/test/functional/password_controller_test.rb +96 -0
  47. data/test/functional/session_controller_test.rb +1 -0
  48. data/test/functional/user_controller_test.rb +95 -0
  49. data/test/integration/anonymous_login_test.rb +39 -0
  50. data/test/integration/edit_user_test.rb +44 -0
  51. data/test/integration/memberships_test.rb +52 -0
  52. data/test/integration/user_deletion_test.rb +27 -0
  53. data/test/integration/user_login_test.rb +53 -0
  54. data/test/integration/user_login_with_remember_me_test.rb +20 -0
  55. data/test/integration/user_registration_test.rb +64 -0
  56. data/test/test_helper.rb +1 -0
  57. data/test/unit/cells/user_cell_test.rb +13 -0
  58. data/test/unit/helpers/users_helper_test.rb +52 -0
  59. data/test/unit/models/account_test.rb +21 -0
  60. data/test/unit/models/anonymous_test.rb +54 -0
  61. data/test/unit/models/password_mailer_test.rb +26 -0
  62. data/test/unit/models/user_mailer_test.rb +16 -0
  63. data/test/unit/models/user_test.rb +173 -0
  64. data/vendor/gems/authentication/.gitignore +17 -0
  65. data/vendor/gems/authentication/Gemfile +4 -0
  66. data/vendor/gems/authentication/LICENSE +22 -0
  67. data/vendor/gems/authentication/MIT-LICENSE +38 -0
  68. data/vendor/gems/authentication/README +39 -0
  69. data/vendor/gems/authentication/README.md +29 -0
  70. data/vendor/gems/authentication/RUNNING_UNIT_TESTS +13 -0
  71. data/vendor/gems/authentication/Rakefile +61 -0
  72. data/vendor/gems/authentication/authentication.gemspec +17 -0
  73. data/vendor/gems/authentication/lib/authentication.rb +270 -0
  74. data/vendor/gems/authentication/lib/authentication/active_record_extensions.rb +11 -0
  75. data/vendor/gems/authentication/lib/authentication/bogus.rb +13 -0
  76. data/vendor/gems/authentication/lib/authentication/hash_helper.rb +26 -0
  77. data/vendor/gems/authentication/lib/authentication/ldap.rb +49 -0
  78. data/vendor/gems/authentication/lib/authentication/remember_me.rb +52 -0
  79. data/vendor/gems/authentication/lib/authentication/salted_hash.rb +53 -0
  80. data/vendor/gems/authentication/lib/authentication/single_token.rb +53 -0
  81. data/vendor/gems/authentication/lib/authentication/version.rb +3 -0
  82. data/vendor/gems/authentication/lib/radius/dictionary +207 -0
  83. data/vendor/gems/authentication/test_backup/abstract_unit.rb +30 -0
  84. data/vendor/gems/authentication/test_backup/active_record_extension_test.rb +17 -0
  85. data/vendor/gems/authentication/test_backup/authentication_test.rb +231 -0
  86. data/vendor/gems/authentication/test_backup/database.yml +12 -0
  87. data/vendor/gems/authentication/test_backup/fixtures/user.rb +3 -0
  88. data/vendor/gems/authentication/test_backup/fixtures/users.yml +3 -0
  89. data/vendor/gems/authentication/test_backup/options_test.rb +100 -0
  90. data/vendor/gems/authentication/test_backup/remember_me_test.rb +41 -0
  91. data/vendor/gems/authentication/test_backup/salted_hash_test.rb +38 -0
  92. data/vendor/gems/authentication/test_backup/schema.rb +10 -0
  93. data/vendor/gems/authentication/test_backup/single_token_test.rb +44 -0
  94. data/vendor/gems/authentication/test_backup/test_helper.rb +8 -0
  95. metadata +157 -0
@@ -0,0 +1,11 @@
1
+ class ActiveRecord::Base
2
+ # Utility method to easily see if the model contains all columns
3
+ # given. Most authentication modules use this to see if they are
4
+ # enabled or not by checking for their required columns.
5
+ def self.includes_all_columns?(*columns)
6
+ columns = columns.flatten.compact
7
+ columns.collect! {|c| c.to_s}
8
+
9
+ columns.all? {|c| self.column_names.include? c}
10
+ end
11
+ end
@@ -0,0 +1,13 @@
1
+ module Authentication
2
+
3
+ # A fake authentication system for use in a development environments.
4
+ # This is ideal for cases where the productino environment uses some
5
+ # complex authentication that cannot be simulated in the development
6
+ # environment easily.
7
+ class Bogus
8
+
9
+ # Any password will authenticate. This is to encourage people
10
+ # to not use this in the production environment.
11
+ def authenticate(user, password); true end
12
+ end
13
+ end
@@ -0,0 +1,26 @@
1
+ require 'digest/sha1'
2
+
3
+ module Authentication
4
+
5
+ # Generating a hash is a common task across many authentication
6
+ # modules. This mixin makes the task easier.
7
+ module HashHelper
8
+ protected
9
+
10
+ # Will hash the given string based on the given salt. The default
11
+ # salt is the site salt. This is defined by the constant
12
+ # AUTHENTICATION_SALT. If not defined then the installation
13
+ # directory of the application will be used as the site salt.
14
+ def hash_string(string, salt=site_salt)
15
+ Digest::SHA1.hexdigest("#{salt}---#{string}")
16
+ end
17
+
18
+ private
19
+
20
+ # Will retrieve the site salt.
21
+ def site_salt
22
+ return AUTHENTICATION_SALT if Object.const_defined? 'AUTHENTICATION_SALT'
23
+ File.expand_path Rails.root
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,49 @@
1
+ require 'ldap'
2
+
3
+ module Authentication
4
+
5
+ class Ldap
6
+ attr_reader :options
7
+
8
+ def initialize(options={})
9
+ @options = options.reverse_merge(
10
+ :host => '127.0.0.1',
11
+ :port => LDAP::LDAP_PORT,
12
+ :base => "dc=example,dc=com",
13
+ :bind_dn => nil,
14
+ :bind_password => nil,
15
+ :uid_attribute => "uid", # uid for ldap ; sAMAccountName for AD
16
+ :uid_column => 'name'
17
+ )
18
+ end
19
+
20
+ def authenticate(user, password)
21
+ # connect to the ldap server
22
+ conn = LDAP::Conn.new(options[:host],options[:port])
23
+ # using proto v3
24
+ conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
25
+ # optionally bind as specific user
26
+ conn.bind(options[:bind_dn],options[:bind_password]) if options[:bind_dn]
27
+ # get the user uid from active record object
28
+ uid = user.send options[:uid_column]
29
+ # search the DN is the ldap using the uid on the specified attribute
30
+ res = conn.search2(options[:base],LDAP::LDAP_SCOPE_SUBTREE,"#{options[:uid_attribute]}=#{uid}",['dn'])
31
+ if ! res.empty?
32
+ dn = res[0]['dn'][0]
33
+ begin
34
+ conn.unbind if conn.bound?
35
+ conn.simple_bind(dn,password)
36
+ conn.unbind
37
+ conn = nil
38
+ return true
39
+ rescue LDAP::ResultError => e
40
+ return false
41
+ end
42
+ end
43
+ return false
44
+ end
45
+
46
+ end
47
+
48
+ end
49
+
@@ -0,0 +1,52 @@
1
+ require 'authentication/hash_helper'
2
+
3
+ module Authentication
4
+
5
+ # This token module works mostly like the SingleToken module with
6
+ # three differences:
7
+ #
8
+ # * It uses a different field name (remember_me CHAR(40))
9
+ # * It doesn't care about any expiration time set
10
+ # * It will only assign a token if the token name is /remember.?me/i
11
+ #
12
+ # This module is ideally suited for the remember me functionality
13
+ # because of these changes. This module would probably not be
14
+ # necessary if you are using a token module that supports more than
15
+ # one token. Since the default one (SingleToken) only supports one
16
+ # we need a seperate module for the remember me functionality so
17
+ # we can basically now store two tokens by default.
18
+ #
19
+ # This module supports the same "verified_at" hidden feature that
20
+ # the Authentication::SaltedHash module supports
21
+ class RememberMe
22
+ include HashHelper
23
+
24
+ # Will test to see if the given remember me key is valid
25
+ def authenticate(user, key)
26
+ return false unless valid_model? user
27
+ return false unless key.to_s.length == 40
28
+
29
+ conditions = ['id = ? AND remember_me = ?', user.id, hash_string(key)]
30
+ conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
31
+ 0 < user.class.count(:conditions => conditions)
32
+ end
33
+
34
+ # Will create a new remember me token. We will ignore the expiration
35
+ # since a remember me is always forever.
36
+ def assign_token(user, name, expire=nil)
37
+ return nil unless valid_model? user
38
+ return nil unless name =~ /remember.?me/i
39
+
40
+ token = hash_string "remember-me-#{Time.zone.now}"
41
+ user.remember_me = hash_string token
42
+ token
43
+ end
44
+
45
+ private
46
+
47
+ # This functionality is only used if remember me an available column
48
+ def valid_model?(user)
49
+ user.class.column_names.include? 'remember_me'
50
+ end
51
+ end
52
+ end
@@ -0,0 +1,53 @@
1
+ require 'authentication/hash_helper'
2
+
3
+ module Authentication
4
+ # Implements a basic salted hash authentication is the model's table.
5
+ # The model must implement the fields "password_hash" and
6
+ # "password_salt". If those fields are not implemented then this
7
+ # module cannot authenticate the user. These fields should be a
8
+ # string of 40 characters.
9
+ #
10
+ # NOTE: Some concepts here were borrowed from the Salted Login
11
+ # Generator/Engine. I am not a security expert but this seems like it
12
+ # would be quite safe and implements "best practice" methods for
13
+ # authentication. I'm sure there are better ones but this is much
14
+ # better than my old apps which used clear text passwords in the
15
+ # databse. :)
16
+ #
17
+ # NOTE: There is a hidden feature here. If the model contains
18
+ # the column "verified_at" then the user will not authenticate
19
+ # until the verified_at column has a value. This is to support the
20
+ # common practice of requiring a user to verify their email address
21
+ # before being able to login. If the column is not defined then
22
+ # the user can login as long as their password is correct.
23
+ class SaltedHash
24
+ include HashHelper
25
+
26
+ # Carries out actual authentication procedure. If the password
27
+ # given is correct for the given user then true is returned.
28
+ # Otherwise false will be returned.
29
+ def authenticate(user, password)
30
+ return false unless valid_model?(user)
31
+
32
+ password_hash = hash_string password, user.password_salt
33
+ conditions = ['id = ? AND password_hash = ?', user.id, password_hash]
34
+ conditions[0] << ' AND verified_at IS NOT NULL' if user.respond_to? :verified_at
35
+ 0 < user.class.where(conditions).count
36
+ end
37
+
38
+ # Will assign a new password for the given user.
39
+ def assign_password(user, password)
40
+ return unless valid_model? user
41
+
42
+ user.password_salt = hash_string "salt-#{Time.zone.now}"
43
+ user.password_hash = hash_string password, user.password_salt
44
+ end
45
+
46
+ private
47
+
48
+ # True if password_hash and password_salt not in the table
49
+ def valid_model?(user)
50
+ user.class.includes_all_columns? :password_hash, :password_salt
51
+ end
52
+ end
53
+ end
@@ -0,0 +1,53 @@
1
+ require 'authentication/hash_helper'
2
+
3
+ module Authentication
4
+ # Implements a token with expiration that is stored on the model
5
+ # being authenticated. This is designed to implement the common
6
+ # practice of having a token in the URL that will automatically
7
+ # authenticate the user.
8
+ #
9
+ # The model should implement the fields "token_key" (a 40 character
10
+ # field) and "token_expiration" (a datetime field). If they are not
11
+ # implemented this class cannot authenticate or assign tokens.
12
+ #
13
+ # This token module is called SingleToken because it only can
14
+ # store one token. If another token is assigned the first is lost
15
+ # and will not authenticate the user anymore. For common needs such
16
+ # as forgot my password and account restoration this is fine.
17
+ #
18
+ # This token does NOT honor the verified_at field that the
19
+ # Authentication::SaltedHash module and Authentication::RememberMe
20
+ # module do since this token may be used to actually implement the
21
+ # email verification.
22
+ class SingleToken
23
+ include HashHelper
24
+
25
+ # Will test to see if the given key is valid for the given user
26
+ def authenticate(user, key)
27
+ return false unless valid_model? user
28
+ return false unless key.to_s.length == 40
29
+
30
+ conditions = [
31
+ 'id = ? AND token_key = ? AND (token_expiration >= ? OR token_expiration IS NULL)',
32
+ user.id, hash_string(key), Time.zone.now
33
+ ]
34
+ 0 < user.class.count(:conditions => conditions)
35
+ end
36
+
37
+ # Will create a new token for the given user with the given expiration
38
+ def assign_token(user, name, expire)
39
+ return nil unless valid_model? user
40
+
41
+ user.token_expiration = expire
42
+ token = hash_string "token-#{Time.zone.now}"
43
+ user.token_key = hash_string token
44
+ token
45
+ end
46
+
47
+ private
48
+
49
+ def valid_model?(user)
50
+ user.class.includes_all_columns? :token_key, :token_expiration
51
+ end
52
+ end
53
+ end
@@ -0,0 +1,3 @@
1
+ module Authentication
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1,207 @@
1
+ #
2
+ # This file contains dictionary translations for parsing
3
+ # requests and generating responses. All transactions are
4
+ # composed of Attribute/Value Pairs. The value of each attribute
5
+ # is specified as one of 4 data types. Valid data types are:
6
+ #
7
+ # string - 0-253 octets
8
+ # ipaddr - 4 octets in network byte order
9
+ # integer - 32 bit value in big endian order (high byte first)
10
+ # date - 32 bit value in big endian order - seconds since
11
+ # 00:00:00 GMT, Jan. 1, 1970
12
+ #
13
+ # Enumerated values are stored in the user file with dictionary
14
+ # VALUE translations for easy administration.
15
+ #
16
+ # Example:
17
+ #
18
+ # ATTRIBUTE VALUE
19
+ # --------------- -----
20
+ # Framed-Protocol = PPP
21
+ # 7 = 1 (integer encoding)
22
+ #
23
+
24
+
25
+
26
+ #
27
+ # Proper names for everything - use this instead of the above
28
+ #
29
+ ATTRIBUTE User-Name 1 string
30
+ ATTRIBUTE User-Password 2 string
31
+ ATTRIBUTE CHAP-Password 3 string
32
+ ATTRIBUTE NAS-IP-Address 4 ipaddr
33
+ ATTRIBUTE NAS-Port 5 integer
34
+ ATTRIBUTE Service-Type 6 integer
35
+ ATTRIBUTE Framed-Protocol 7 integer
36
+ ATTRIBUTE Framed-IP-Address 8 ipaddr
37
+ ATTRIBUTE Framed-IP-Netmask 9 ipaddr
38
+ ATTRIBUTE Framed-Routing 10 integer
39
+ ATTRIBUTE Filter-Id 11 string
40
+ ATTRIBUTE Framed-MTU 12 integer
41
+ ATTRIBUTE Framed-Compression 13 integer
42
+ ATTRIBUTE Login-IP-Host 14 ipaddr
43
+ ATTRIBUTE Login-Service 15 integer
44
+ ATTRIBUTE Login-TCP-Port 16 integer
45
+ ATTRIBUTE Reply-Message 18 string
46
+ ATTRIBUTE Callback-Number 19 string
47
+ ATTRIBUTE Callback-Id 20 string
48
+ ATTRIBUTE Expiration 21 date
49
+ ATTRIBUTE Framed-Route 22 string
50
+ ATTRIBUTE Framed-IPX-Network 23 ipaddr
51
+ ATTRIBUTE State 24 string
52
+ ATTRIBUTE Session-Timeout 27 integer
53
+ ATTRIBUTE Idle-Timeout 28 integer
54
+ ATTRIBUTE Termination-Action 29 integer
55
+ ATTRIBUTE Called-Station-Id 30 string
56
+ ATTRIBUTE Calling-Station-Id 31 string
57
+ ATTRIBUTE Acct-Status-Type 40 integer
58
+ ATTRIBUTE Acct-Delay-Time 41 integer
59
+ ATTRIBUTE Acct-Input-Octets 42 integer
60
+ ATTRIBUTE Acct-Output-Octets 43 integer
61
+ ATTRIBUTE Acct-Session-Id 44 string
62
+ ATTRIBUTE Acct-Authentic 45 integer
63
+ ATTRIBUTE Acct-Session-Time 46 integer
64
+ ATTRIBUTE Acct-Terminate-Cause 49 integer
65
+ ATTRIBUTE NAS-Port-Type 61 integer
66
+ ATTRIBUTE Port-Limit 62 integer
67
+
68
+
69
+ #
70
+ # Integer Translations
71
+ #
72
+
73
+ # User Types
74
+
75
+ VALUE Service-Type Login-User 1
76
+ VALUE Service-Type Framed-User 2
77
+ VALUE Service-Type Callback-Login-User 3
78
+ VALUE Service-Type Callback-Framed-User 4
79
+ VALUE Service-Type Outbound-User 5
80
+ VALUE Service-Type Administrative-User 6
81
+ VALUE Service-Type NAS-Prompt-User 7
82
+
83
+ # Framed Protocols
84
+
85
+ VALUE Framed-Protocol PPP 1
86
+ VALUE Framed-Protocol SLIP 2
87
+
88
+ # Framed Routing Values
89
+
90
+ VALUE Framed-Routing None 0
91
+ VALUE Framed-Routing Broadcast 1
92
+ VALUE Framed-Routing Listen 2
93
+ VALUE Framed-Routing Broadcast-Listen 3
94
+
95
+ # Framed Compression Types
96
+
97
+ VALUE Framed-Compression None 0
98
+ VALUE Framed-Compression Van-Jacobson-TCP-IP 1
99
+
100
+ # Login Services
101
+
102
+ VALUE Login-Service Telnet 0
103
+ VALUE Login-Service Rlogin 1
104
+ VALUE Login-Service TCP-Clear 2
105
+ VALUE Login-Service PortMaster 3
106
+
107
+ # Status Types
108
+
109
+ VALUE Acct-Status-Type Start 1
110
+ VALUE Acct-Status-Type Stop 2
111
+
112
+ # Authentication Types
113
+
114
+ VALUE Acct-Authentic RADIUS 1
115
+ VALUE Acct-Authentic Local 2
116
+ VALUE Acct-Authentic PowerLink128 100
117
+
118
+ # Termination Options
119
+
120
+ VALUE Termination-Action Default 0
121
+ VALUE Termination-Action RADIUS-Request 1
122
+
123
+ # NAS Port Types, available in ComOS 3.3.1 and later
124
+
125
+ VALUE NAS-Port-Type Async 0
126
+ VALUE NAS-Port-Type Sync 1
127
+ VALUE NAS-Port-Type ISDN 2
128
+ VALUE NAS-Port-Type ISDN-V120 3
129
+ VALUE NAS-Port-Type ISDN-V110 4
130
+
131
+ # Acct Terminate Causes, available in ComOS 3.3.2 and later
132
+
133
+ VALUE Acct-Terminate-Cause User-Request 1
134
+ VALUE Acct-Terminate-Cause Lost-Carrier 2
135
+ VALUE Acct-Terminate-Cause Lost-Service 3
136
+ VALUE Acct-Terminate-Cause Idle-Timeout 4
137
+ VALUE Acct-Terminate-Cause Session-Timeout 5
138
+ VALUE Acct-Terminate-Cause Admin-Reset 6
139
+ VALUE Acct-Terminate-Cause Admin-Reboot 7
140
+ VALUE Acct-Terminate-Cause Port-Error 8
141
+ VALUE Acct-Terminate-Cause NAS-Error 9
142
+ VALUE Acct-Terminate-Cause NAS-Request 10
143
+ VALUE Acct-Terminate-Cause NAS-Reboot 11
144
+ VALUE Acct-Terminate-Cause Port-Unneeded 12
145
+ VALUE Acct-Terminate-Cause Port-Preempted 13
146
+ VALUE Acct-Terminate-Cause Port-Suspended 14
147
+ VALUE Acct-Terminate-Cause Service-Unavailable 15
148
+ VALUE Acct-Terminate-Cause Callback 16
149
+ VALUE Acct-Terminate-Cause User-Error 17
150
+ VALUE Acct-Terminate-Cause Host-Request 18
151
+
152
+
153
+ #
154
+ # Obsolete names for backwards compatibility with older users files
155
+ # If you want RADIUS accounting logs to use the new names instead of
156
+ # these, move this section to the beginning of the dictionary file
157
+ # and kill and restart radiusd
158
+ # If you don't have a RADIUS 1.16 users file that you're still using,
159
+ # you can delete or ignore this section.
160
+ #
161
+ ATTRIBUTE Client-Id 4 ipaddr
162
+ ATTRIBUTE Client-Port-Id 5 integer
163
+ ATTRIBUTE User-Service-Type 6 integer
164
+ ATTRIBUTE Framed-Address 8 ipaddr
165
+ ATTRIBUTE Framed-Netmask 9 ipaddr
166
+ ATTRIBUTE Framed-Filter-Id 11 string
167
+ ATTRIBUTE Login-Host 14 ipaddr
168
+ ATTRIBUTE Login-Port 16 integer
169
+ ATTRIBUTE Old-Password 17 string
170
+ ATTRIBUTE Port-Message 18 string
171
+ ATTRIBUTE Dialback-No 19 string
172
+ ATTRIBUTE Dialback-Name 20 string
173
+ ATTRIBUTE Challenge-State 24 string
174
+ VALUE Service-Type Dialback-Login-User 3
175
+ VALUE Service-Type Dialback-Framed-User 4
176
+ VALUE Service-Type Shell-User 6
177
+ VALUE Framed-Compression Van-Jacobsen-TCP-IP 1
178
+ #VALUE Auth-Type Unix 1
179
+ #
180
+ # END of obsolete names for backwards compatibility
181
+ #
182
+
183
+ #
184
+ # Configuration Values
185
+ # uncomment out these two lines to turn account expiration on
186
+ #
187
+
188
+ #VALUE Server-Config Password-Expiration 30
189
+ #VALUE Server-Config Password-Warning 5
190
+
191
+ ##
192
+ ## VENDOR SPECIFIC ATTRIBUTES
193
+ ##
194
+ ## The following entries demonstrate the use of VSAs
195
+ ##
196
+
197
+ # cisco-avpair is used for various functions by cisco IOS. Most
198
+ # notably, it's used to create VPDN tunnels.
199
+ #
200
+ VENDORATTR 9 cisco-avpair 1 string
201
+
202
+ # This is a fake attribute to demonstrate how to write named-value
203
+ # attributes.
204
+ VENDORATTR 1 ibm-enum 254 integer
205
+ VENDORVALUE 1 ibm-enum value-1 1
206
+ VENDORVALUE 1 ibm-enum value-2 2
207
+ VENDORVALUE 1 ibm-enum value-3 3