For EAP-TTLS authentication, this optional parameter tells
Radiator to allow only the specified attributes in requests from EAP-TTLS
clients. Attributes that are not allowed are ignored and logged at debug
level.
By default, the following attributes are allowed in requests:
User-Name
User-Password
CHAP-Password
CHAP-Challenge
EAP-Message
MS-CHAP-Response
MS-CHAP-Challenge
MS-CHAP2-Response
These are the attributes from EAP-TTLS RFC 5281, except for the
password-change-related attributes, which are currently not allowed by
default.
Here is an example of using EAP_TTLS_AllowInRequest:
# Also allow our vendor specific attribute in EAP-TTLS requests
EAP_TTLS_AllowInRequest OSC-AVPAIR, User-Name, User-Password, \
CHAP-Password, CHAP-Challenge, EAP-Message, \
MS-CHAP-Response, MS-CHAP-Challenge, MS-CHAP2-Response
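
The default allowlist described above, applied to tunnelled attributes in the Diameter-style AVP encoding that RFC 5281 uses inside the TLS tunnel. This is an added illustration in Python, not Radiator's code; the function names and sample bytes are constructed here, and the numeric attribute codes are taken from RFC 2865 and RFC 2548 rather than from this page.

```python
import struct

# Default allowlist from the page, keyed by (vendor_id, avp_code).
# Numeric codes are from RFC 2865 and RFC 2548 (vendor 311 = Microsoft).
DEFAULT_ALLOWED = {
    (0, 1): "User-Name", (0, 2): "User-Password", (0, 3): "CHAP-Password",
    (0, 60): "CHAP-Challenge", (0, 79): "EAP-Message",
    (311, 1): "MS-CHAP-Response", (311, 11): "MS-CHAP-Challenge",
    (311, 25): "MS-CHAP2-Response",
}

def encode_avp(code, data, vendor=0):
    """Build one AVP: code(4) flags(1) length(3) [vendor(4)] data, padded to 4."""
    flags = 0x40 | (0x80 if vendor else 0)  # M bit, plus V bit when vendor-specific
    length = (12 if vendor else 8) + len(data)
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor:
        out += struct.pack("!I", vendor)
    return out + data + b"\x00" * (-length % 4)

def parse_avps(buf):
    """Yield (vendor, code, data) per AVP; raise ValueError on malformed input."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & 0x80 else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & 0x80 else 0
        yield vendor, code, buf[off + hdr:off + length]
        off += length + (-length % 4)  # skip padding to the 4-octet boundary

def filter_request(buf, allowed=DEFAULT_ALLOWED):
    """Return (accepted, ignored): allowed AVPs by name, the rest by (vendor, code)."""
    accepted, ignored = [], []
    for vendor, code, data in parse_avps(buf):
        name = allowed.get((vendor, code))
        if name:
            accepted.append((name, data))
        else:
            ignored.append((vendor, code))  # a server would log these at debug level
    return accepted, ignored

# Constructed sample; (311, 27) is MS-CHAP2-CPW, a password-change attribute.
SAMPLE = (encode_avp(1, b"alice") + encode_avp(11, b"\x11" * 16, vendor=311)
          + encode_avp(27, b"\x00" * 4, vendor=311))
```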