Account preProcessing

Larry Ross lfross at ucdavis.edu
Wed Mar 25 00:49:29 CET 2009


Good Afternoon All;

Currently my institution allows for registered users to create guest accounts for visitors to enable wireless access for the guest users (Wireless access is controlled via Captive Portal/PAP with a Kerberos Directory backend).
Registered users create the guest accounts using the guest users eMail address, such as Jdoe at gmail.com jdoe at hotmail.com etc etc etc.  This poses a slight problem though as the "@" sign is a reserved character for Kerberos and thus principles with the "@" cannot be created within our KDC.  To solve this problem the account generation application substitutes  the "@" for a "+" (so kerberos principles are created in the form jdoe+gmail.com jdoe+hotmail.com).
If guest users remember to sub a "+" for their "@" all is well, however often times people forget this and get stuck wondering why their username jdoe at gmail.com is failing when they have been assured all is well.
To completely eradicate this situation we would like to place a Freeradius instance in place of our proprietary radius solution and have it perform the substitution during authentication, so neither the Guest or registered user need concern themselves with the whole "@" "+" thing (so from their standpoint the principle is jdoe at gmail.com nice and easy... for them ;)
I have been trying to determine the best way to accomplish this and would greatly appreciate any ideas as to how this may be completed.

Thank you much.

Larry

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090324/f80f1cf3/attachment.html>


More information about the Freeradius-Users mailing list