--- a/doc/radius_gw.conf.sample	Wed Apr 01 16:32:10 2009 +0900
+++ b/doc/radius_gw.conf.sample	Thu Apr 02 11:15:39 2009 +0900
@@ -31,11 +31,12 @@
 # auth_server_ipv6 = :: ;
 
 # Enabling the auth server is not sufficient, one must provide additional modules
-# that will convert the specific RADIUS messages depending on application.
-# When a RADIUS message is received and no module is available to handle it, it is logged and 
-# and an error is returned.
-# auth_mod = rad_eap : rad_eap.conf ;
-# auth_mod = rad_pap ;
+# that will convert the specific RADIUS messages / attributes depending on application.
+# When a RADIUS message is received and no module is available to handle it / one of its attributes, 
+# it is logged and an error message is returned.
+# auth_mod = radius_2865 ;                       # RADIUS base RFC, PAP / CHAP authentication (NASREQ)
+# auth_mod = radius_3579 : radius_eap.conf ;     # RADIUS EAP RFC (Diameter EAP)
+# auth_mod = radius_ignore : radius_ignore.conf; # list of attributes to discards / blind copy in answers.
 
 
 ################
@@ -61,3 +62,14 @@
 # acct_app_id = 0;
 
 
+##################
+# RADIUS Clients #
+##################
+
+# Each RADIUS client must be declared in the form: IP = shared-secret ;
+# IP can be ipv4 or ipv6
+# shared-secret can be a quoted string, or a list of hexadecimal values.
+# examples:
+# 192.168.100.1 = "secret key" ; # the shared secret buffer is 0x736563726574206b6579 (length 10 bytes)
+# fe00::1 = 73 65 63 72 65 74 20 6b 65 79; # same shared secret as previously
+# When a packet is received from an IP not declared here, it is silently discarded.