cui-inner.post-auth and cui.post-auth
Tomasz Wolniewicz
twoln at umk.pl
Tue Jan 28 23:15:51 CET 2014
Hi,
I am not convinced that not lowering the Operator-Name is an
inconsistency.
The Operator-Name value can be from any namespace registered for this
attribute. The REALM namespace is just one of possibilities.
The Operator-Name specification does not say that the value is
case-insensitive, therefore why should we make it such in the code.
We could say the same for the User-Name but while in theory User-Name is
case-sensitive in practice in most situations it will not be.
Without normalising the value of the User-Name we could be generating
different CUI values for the same user, and contrary to the
Operator-Name, the User-Name is controlled by the user.
The Operator-Name is controlled by the visited site, the CUI is
generated to serve the visited site, if the visited site wants to
complicate things by messing with the values of the Operator-Name, the
authenticating site cannot do much about it nor it should care.
Of course no harm will be done by applying lowercase to the
Operator-Name, but then there is no gain either and I argue that there
is no inconsistency.
Tomasz
--
Tomasz Wolniewicz
twoln at umk.pl http://www.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication
Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
More information about the Freeradius-Users
mailing list