On Fri, Jun 01, 2012 at 07:47:24PM +0100, alan buxey wrote:
a little something that I've been meaning to send out for a while. basically, a small addition to policy.conf (that probably could do with a few little extra additions) that will allow sites to easily check for NAI 4282 compliance
Which appears to be buggy:
# Realm begins with a dot e.g. user@.site.com # if (User-Name !~ /@\\./) { update reply { Reply-Message = "misconfigured client. Realm begins with a dot" } reject }
Unless I am mistaken, that code will reject users whose realm *doesn't* start with a dot. There are also a number of simplifications possible, e.g.
if(User-Name =~ /@(.+)?@/i ) {
could be more directly written as:
if(User-Name =~ /@.*@/ ) {
HTH, Brian.