EAP-TLS: restricting CA certificate use to a subset of identities

[Alan DeKok]

Edgar Fuß wrote:
>> and have requests for different domains be handled by different modules.
> But how do I direct certain users to an instance of the eap module?

$ man unlang

authorize {
	...

	if (User-Name =~ /domain.com$/) {
		eap1
	}
	else {
		eap2
	}
	...
{

> Inside the eap module, I have check_cert_cn, but I would need to check the User-Name attribute against a fixed pattern.

  Yes... that can be done by checking the User-Name via a regex.

  Alan DeKok.