Realm question..

Alan DeKok aland at nitros9.org
Tue Apr 25 17:12:51 CEST 2006


"TS" <tony at thewordzone.co.uk> wrote:
> The object is not to have to configure any realms as local.

  That conflicts directly with your requirement to allow users to log
in as "user" or "user@realm".

> If I have a user whose username is user1@arealm.com I can easily specify
> arealm.com as local. But if by mistake the user types the username as
> user1@brealm.com auth will just fail because the realm isn't specified in
> proxy.conf.

  Then you can't use realms.  You've got to configure a module to
strip out everything after the "@" sign.

  The "realms" module, and proxy.conf are meant to deal with known
realms.  If you want to deal with unknown realms, you have to use
something else.

> If not then authenticate it locally no matter what the realm is but before
> authenticating it strip off the realm and just use everything before the @
> sign as the username.

  Then configure it to do that, but you can't use realms.  You'll have
to use another module to re-write the username for the packets that
aren't proxied.

  The simplest thing for you to do might be to create a wildcard realm
by modifying rlm_realm.

  Alan DeKok.
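
The routing discussed in this thread, modelled in Python as an added example; it is not part of the original message and is not FreeRADIUS code. The realm table, the home-server name and the `route` function are hypothetical, and refusing empty or ambiguous user parts is an assumption of this sketch.

```python
# Added illustration: a model of "wildcard realm" routing, not FreeRADIUS code.
# The realm table and home-server name are constructed sample values.
LOCAL = "LOCAL"
KNOWN_REALMS = {
    "arealm.com": LOCAL,                           # realm handled on this server
    "partner.example": "radius.partner.example",   # realm proxied elsewhere
}

def route(user_name, realms=KNOWN_REALMS):
    """Decide how to handle a User-Name.

    Returns (action, username_to_use, home_server), where action is
    "local", "proxy" or "reject".
    """
    user, sep, realm = user_name.rpartition("@")
    if not sep:
        # Bare "user": no realm to look up, authenticate locally as-is.
        return ("local", user_name, None)
    if not user or "@" in user:
        # Assumption: empty or ambiguous user parts are refused, not guessed.
        return ("reject", user_name, None)
    target = realms.get(realm.lower())
    if target is not None and target != LOCAL:
        # Known remote realm: proxy with the name unchanged.
        return ("proxy", user_name, target)
    # Known local realm, or unknown realm (the wildcard case):
    # strip everything from the "@" on and authenticate locally.
    return ("local", user, None)

def demo():
    # Constructed sample logins.
    names = ["user1", "user1@arealm.com", "user1@brealm.com",
             "bob@partner.example", "@arealm.com"]
    return {n: route(n) for n in names}

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name!r:28} -> {decision}")
```

With the wildcard case enabled, every unrecognised realm string resolves to the same local account, so accounting and audit logs should record the User-Name as it arrived as well as the stripped form.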


