Installation:

* Install GNU make (you don't need GCC if you have a decent ANSI C compiler,
  but it's been a while since I last tested with Watcom or Compaq)
* Unpack the source tarball
* Define paths and other compile-time settings in your platform's 
  Makefile.<platform>, substituting <platform> with eg. gnu, bsd or osx, and
  the same goes for the lines below. Only the GNU makefile is maintained by
  the author, the rest is updated only if someone posts a problem and a tested
  solution.
* Type 'make -f Makefile.<platform>'
* Type 'make -f Makefile.<platform> install'
  Remarks:
  - Do the last step as a user who has write permissions to the installation
    directories, eg. root.
  - The server should be run under a non-root account. Running the server
    as root is completely unneccessary and therefore not recommended. 
  - The group ID of all files and directories installed under 
    .../etc/openradius should be changed to a primary or secondary group
    of the account that will run the server.
  - An installation path prefix, for eg. creating binary packages, can be
    specified by adding 'INST_PREFIX=/some/other/path' to your 'make install'
    command line.

Configuration:

* Edit .../etc/openradius/configuration for ports and addresses to listen on, 
  the modules to run and their command line parameters.
* Edit .../etc/openradius/behaviour to define how to handle incoming requests.
  Some examples are provided in the examples/ subdirectory in the source.

Testing:

* Run the server in the foreground, with moderate debugging turned on:
  .../sbin/radiusd -dall -b
* Send it a RADIUS request from another terminal on the same machine:
  .../bin/radtest -v evbergen welcome1 localhost h1dd3n
  If you run the default behaviour file and the flat ASCII database as 
  installed in .../etc/legacy/users, you should get an Access-Accept,
  otherwise you should get an Access-Reject. You should not see any
  retransmissions.

Deployment:

* Example sysvinit and daemontools/runit scripts are provided under examples/
* It is recommended keep -dsend enabled, to log a one line summary of each
  transaction as defined in the behaviour file by Log-Line.
* OpenRADIUS, like any RADIUS server, should only be able to receive requests 
  from a defined set of hosts, using platform or network level firewalling at
  the IP layer in addition to the server's own RADIUS client lookup.

