Re: addition to policy.conf
At least RFC 4282 which takes over the one you stated. I still believe it is good to separate it out to comprehensible checks as that will allow further enhancements/future changes to be trivial...and for less skilled admin to understand what it does On a bad day, more than 60% of our failed logins are due to duff realms with non-real format :( alan ----- Reply message ----- From: "Brian Candler" <B.Candler@pobox.com> Date: Tue, Jun 5, 2012 18:35 Subject: addition to policy.conf To: "FreeRadius developers mailing list" <freeradius-devel@lists.freeradius.org> On Mon, Jun 04, 2012 at 10:31:10PM +0200, Stefan Winter wrote:
Hi,
In that case though, I would be inclined to write a validation regexp which fully matches the ABNF in RFC 2486.
Elsewhere in the thread I presented arguments why a full check is a bad idea.
Do you have arguments to back up your "inclinedness" or is it just a gut feeling?
Only a gut feeling of "either enforce RFC 2486, or don't". Anything else seems to be a kludge to me. Has anyone actually *measured* what proportion of their failed logins are due to usernames containing two dots, or realms which start or end with a dot, or the other things the OP's regexp tests rejected? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
participants (1)
-
Alan Buxey