Changes to automatically provision,build and run Radius containers for Auth tests.
Changes to cord test server to handle radius server restart requests.
diff --git a/src/test/setup/radius-config/freeradius/mods-available/yubikey b/src/test/setup/radius-config/freeradius/mods-available/yubikey
new file mode 100644
index 0000000..d21c136
--- /dev/null
+++ b/src/test/setup/radius-config/freeradius/mods-available/yubikey
@@ -0,0 +1,141 @@
+#
+# This module decrypts and validates Yubikey static and dynamic
+# OTP tokens.
+#
+yubikey {
+ #
+ # The length (number of ASCII bytes) of the Public-ID portion
+ # of the OTP string.
+ #
+ # Yubikey defaults to a 6 byte ID (2 * 6 = 12)
+# id_length = 12
+
+ #
+ # If true, the authorize method of rlm_yubikey will attempt to split the
+ # value of User-Password, into the user's password, and the OTP token.
+ #
+ # If enabled and successful, the value of User-Password will be truncated
+ # and request:Yubikey-OTP will be added.
+ #
+# split = yes
+
+ #
+ # Decrypt mode - Tokens will be decrypted and processed locally
+ #
+ # The module itself does not provide persistent storage as this
+ # would be duplicative of functionality already in the server.
+ #
+ # Yubikey authentication needs two control attributes
+ # retrieved from persistent storage:
+ # * Yubikey-Key - The AES key used to decrypt the OTP data.
+ # The Yubikey-Public-Id and/or User-Name
+ # attributes may be used to retrieve the key.
+ # * Yubikey-Counter - This is compared with the counter in the OTP
+ # data and used to prevent replay attacks.
+ # This attribute will also be available in
+ # the request list after successful
+ # decryption.
+ #
+ # Yubikey-Counter isn't strictly required, but the server will
+ # generate warnings if it's not present when yubikey.authenticate
+ # is called.
+ #
+ # These attributes are available after authorization:
+ # * Yubikey-Public-ID - The public portion of the OTP string
+ #
+ # These attributes are available after authentication (if successful):
+ # * Yubikey-Private-ID - The encrypted ID included in OTP data,
+ # must be verified if tokens share keys.
+ # * Yubikey-Counter - The last counter value (should be recorded).
+ # * Yubikey-Timestamp - Token's internal clock (mainly useful for debugging).
+ # * Yubikey-Random - Randomly generated value from the token.
+ #
+ decrypt = no
+
+ #
+ # Validation mode - Tokens will be validated against a Yubicloud server
+ #
+ validate = no
+
+ #
+ # Settings for validation mode.
+ #
+ validation {
+ #
+ # URL of validation server, multiple URL config items may be used
+ # to list multiple servers.
+ #
+ # - %d is a placeholder for public ID of the token
+ # - %s is a placeholder for the token string itself
+ #
+ # If no URLs are listed, will default to the default URLs in the
+ # ykclient library, which point to the yubico validation servers.
+ servers {
+# uri = 'http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s'
+# uri = 'http://api2.yubico.com/wsapi/2.0/verify?id=%d&otp=%s'
+ }
+
+ #
+ # API Client ID
+ #
+ # Must be set to your client id for the validation server.
+ #
+# client_id = 00000
+
+ #
+ # API Secret key (Base64 encoded)
+ #
+ # Must be set to your API key for the validation server.
+ #
+# api_key = '000000000000000000000000'
+
+ #
+ # Connection pool parameters
+ #
+ pool {
+ # Number of connections to start
+ start = 5
+
+ # Minimum number of connections to keep open
+ min = 4
+
+ # Maximum number of connections
+ #
+ # If these connections are all in use and a new one
+ # is requested, the request will NOT get a connection.
+ max = 10
+
+ # Spare connections to be left idle
+ #
+ # NOTE: Idle connections WILL be closed if "idle_timeout"
+ # is set.
+ spare = 3
+
+ # Number of uses before the connection is closed
+ #
+ # 0 means "infinite"
+ uses = 0
+
+ # The lifetime (in seconds) of the connection
+ lifetime = 0
+
+ # idle timeout (in seconds). A connection which is
+ # unused for this length of time will be closed.
+ idle_timeout = 60
+
+ # Cycle over all connections in a pool instead of concentrating
+ # connection use on a few connections.
+ spread = yes
+
+ # NOTE: All configuration settings are enforced. If a
+ # connection is closed because of "idle_timeout",
+ # "uses", or "lifetime", then the total number of
+ # connections MAY fall below "min". When that
+ # happens, it will open a new connection. It will
+ # also log a WARNING message.
+ #
+ # The solution is to either lower the "min" connections,
+ # or increase lifetime/idle_timeout.
+ }
+ }
+}