Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc

to hook the rc script and modify etc/rc.conf to make it disable by
default.  Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt

src/etc/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.404 2015/07/03 22:05:53 millert Exp $
+#	$OpenBSD: Makefile,v 1.405 2015/08/03 04:19:25 yasuoka Exp $
 
 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	Canada/Mountain
@@ -47,8 +47,8 @@ EXAMPLES+= wsconsctl.conf
 
 # -rw-------
 EXAMPLES_600=bgpd.conf dvmrpd.conf hostapd.conf iked.conf ipsec.conf \
-	ldapd.conf ldpd.conf ospf6d.conf ospfd.conf pf.conf rc.local \
-	rc.securelevel rc.shutdown relayd.conf ripd.conf \
+	ldapd.conf ldpd.conf ospf6d.conf ospfd.conf pf.conf radiusd.conf \
+	rc.local rc.securelevel rc.shutdown relayd.conf ripd.conf \
 	sasyncd.conf snmpd.conf ypldap.conf 
 
 # -r-xr-xr-x

src/etc/changelist

@@ -1,4 +1,4 @@
-#	$OpenBSD: changelist,v 1.107 2015/07/23 14:49:10 sthen Exp $
+#	$OpenBSD: changelist,v 1.108 2015/08/03 04:19:25 yasuoka Exp $
 #
 # List of files which the security script backs up and checks
 # for modifications.
@@ -90,6 +90,7 @@
 /etc/profile
 /etc/protocols
 +/etc/pwd.db
++/etc/radiusd.conf
 /etc/rbootd.conf
 /etc/rc
 /etc/rc.conf

src/etc/examples/radiusd.conf

@@ -0,0 +1,26 @@
+#	$OpenBSD: radiusd.conf,v 1.1 2015/08/03 04:19:25 yasuoka Exp $
+
+listen on 0.0.0.0
+#listen on ::
+
+client 127.0.0.1/32 {
+	secret "secret"
+}
+client 192.168.0.0/24 {
+	secret "secret"
+	msgauth-required yes
+}
+
+module load bsdauth "/usr/libexec/radiusd/radiusd_bsdauth"
+module set bsdauth  restrict-group operator
+
+module load radius  "/usr/libexec/radiusd/radiusd_radius"
+module set radius "secret" "testing123"
+module set radius "server" "127.0.0.1"
+
+authenticate *@local {
+	authenticate-by bsdauth
+}
+authenticate *@example.com {
+	authenticate-by radius
+}

src/etc/mtree/special

@@ -1,4 +1,4 @@
-#	$OpenBSD: special,v 1.114 2015/07/23 14:49:10 sthen Exp $
+#	$OpenBSD: special,v 1.115 2015/08/03 04:19:25 yasuoka Exp $
 #
 # Hand-crafted mtree specification for the dangerous files.
 #
@@ -75,6 +75,7 @@ ospf6d.conf	type=file mode=0600 uname=root gname=wheel optional
 passwd		type=file mode=0644 uname=root gname=wheel
 pf.conf		type=file mode=0600 uname=root gname=wheel optional
 printcap	type=file mode=0644 uname=root gname=wheel optional
+radiusd.conf	type=file mode=0600 uname=root gname=wheel optional
 rc		type=file mode=0644 uname=root gname=wheel
 rc.conf		type=file mode=0644 uname=root gname=wheel
 rc.conf.local	type=file mode=0644 uname=root gname=wheel optional

src/etc/rc

@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.454 2015/07/20 06:59:39 rpe Exp $
+#	$OpenBSD: rc,v 1.455 2015/08/03 04:19:25 yasuoka Exp $
 
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -494,7 +494,7 @@ echo 'preserving editor files.'; /usr/libexec/vi.recover
 
 echo -n 'starting network daemons:'
 start_daemon ldomd sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
-start_daemon relayd dhcpd dhcrelay mrouted dvmrpd
+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd radiusd
 
 if ifconfig lo0 inet6 >/dev/null 2>&1; then
 	fw=`sysctl -n net.inet6.ip6.forwarding`

src/etc/rc.conf

@@ -1,4 +1,4 @@
-#	$OpenBSD: rc.conf,v 1.203 2015/05/18 13:48:38 deraadt Exp $
+#	$OpenBSD: rc.conf,v 1.204 2015/08/03 04:19:25 yasuoka Exp $
 
 # DO NOT EDIT THIS FILE!!
 #
@@ -44,6 +44,7 @@ ntpd_flags=
 ospfd_flags=NO
 ospf6d_flags=NO
 pflogd_flags=		# add more flags, e.g. "-s 256"
+radiusd_flags=NO
 rarpd_flags=NO
 rbootd_flags=NO
 relayd_flags=NO

src/etc/rc.d/radiusd

@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# $OpenBSD: radiusd,v 1.1 2015/08/03 04:19:25 yasuoka Exp $
+
+daemon="/usr/sbin/radiusd"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+
+rc_cmd $1