Massimo Pistoni wrote:
The symptom is that the third (but also the fourth for simpler tries) of the following users statements does not match in the case of authentication based on a <username@suffix> style (with Suffix =! "lnf.infn.it"): -----------------------------------------------------------------------------
DEFAULT Auth-Type = Kerberos, Suffix == "lnf.infn.it"
DEFAULT Auth-Type = Kerberos, Suffix == "LNF.INFN.IT"
DEFAULT Auth-Type := Reject, Suffix =~ "@", Suffix !~ "@(.+\\.|)(infn\\.it|INFN\\.IT)$"
DEFAULT Auth-Type := Reject, Suffix =~ "@"
Why are you using the Suffix attribute? Why not just perform the checks on the User-Name attribute?
I tried several other syntax way, but it seems that regular expressions are disabled.
The same users file is regularly working in the version 1.1.1 and 1.1.7 installed on the same system.
Do the checks on the User-Name attribute. Quite frankly, I'm surprised that your example did anything in 1.1.x. Alan DeKok.