#  pam_radius_auth configuration file.  Copy to: /etc/raddb/server
#
#  For proper security, this file SHOULD have permissions 0600,
#  that is readable by root, and NO ONE else.  If anyone other than
#  root can read this file, then they can spoof responses from the server!
#
#  There are 5 fields per line in this file.  There may be multiple
#  lines.  Blank lines or lines beginning with '#' are treated as
#  comments, and are ignored.  The fields are:
#
#  server[:port] secret [timeout [source_ip [vrf]]]
#
#  the port name or number is optional.  The default port name is
#  "radius", and is looked up from /etc/services The timeout field is
#  optional.  The default timeout is 3 seconds.
#  The source_ip field is optional and the default is none.
#  The vrf field is optional and the default is none.
#
#  For IPv6 literal addresses, the address has to be surrounded  by
#  square  brackets as usual. E.g. [2001:0db8:85a3::4].
#
#  If multiple RADIUS server lines exist, they are tried in order.  The
#  first server to return success or failure causes the module to return
#  success or failure.  Only if a server fails to response is it skipped,
#  and the next server in turn is used.
#
#  The timeout field controls how many seconds the module waits before
#  deciding that the server has failed to respond.  Timeouts MUST be
#  between 3 and 60 seconds.  If they are outside of this range, the
#  timeouts are clamped to this range.
#
#  The source_ip field can be used to make the library bind the socket
#  that connects to that particular server to a particular IP address.
#  Note: specifying a timeout field is mandatory due to config parsing,
#  but if not needed it can be just set to the default of 3.
#
#  The vrf field can be used on Linux to make the library bind the socket
#  that connects to that particualar server to a particular VRF.
#  See: https://www.kernel.org/doc/Documentation/networking/vrf.txt for
#  more information.
#  Note: specifying a source_ip field is mandatory due to config parsing,
#  but if not needed it can be just set to 0.
#
# server[:port]             shared_secret      timeout (s)  source_ip            vrf
#127.0.0.1                   secret             3
#other-server                other-secret       5            192.168.1.10         vrf-blue
#[2001:0db8:85a3::4]:1812    other6-secret      3            [2001:0db8:85a3::3]  vrf-red
#other-other-server          other-other-secret 5            0                    vrf-blue
#
# having localhost in your radius configuration is a Good Thing.
#
# See the INSTALL file for pam.conf hints.