2 Jun
2009
2 Jun
'09
5:01 a.m.
A.L.M.Buxey@lboro.ac.uk wrote:
does this fix mean that TTLS and PEAP get the inner identity copied correctly so there is no more need for
update outer.reply { User-Name = "%{User-Name}" }
That's still needed. The question is what do you want the server to do. Always over-ride the outer name with the inner one? If so, why is the outer one "anonymous", and the inner one "user@realm"? i.e. "anonymous" is being used to hide the inner name... which promptly gets exposed with that rule. Is this a good idea? What else could be done to be secure, but also useful? Alan DeKok.