Hi On Wed, Apr 25, 2012 at 11:58:06PM +0100, alan buxey wrote:
Matthew, I would say the check is a little sparse....and assumes
Yeah, good idea checking the RHS of the username - hadn't thought of that (scuttles off to implement it :) )
oh. actually, yes, you should ignore that i said add it to authorize.. what you SHOULD do is add the check to policy.conf and then call that policy name in authorize. ah, thats better, can sleep now! ;-)
:) I'm doing PEAP/EAP-TLS (PEAP for the SoH), and I run with my check-eap-tls patch, so I can easily check username and cert subject match, too. Gives more ways of verifying things look ok. Cheers, Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>