Hello,

I have two clients that proxy access requests to me. The realm varies, but the format is always userid@realm.whatever

Is there a way that I can deny a specific realm when an access request is received from a specific client?

I tried adding something to policy.conf but I couldn't get the syntax right:

#Prevent secretrealm from logging in off-campus 
remote_secret_reject 
if ("%{Realm}" == "secretrealm.ca") && ((Client-Shortname == "proxy-client1") || (Client-Shortname == "proxy-client2"))) { 
reject
 }

Is there a different way that I should be doing this?

Thanks,
Dave

Dave Aldwinckle
Network Support Specialist
Information Systems and Technology
Phone: (519)-888-4567 ext. 31145
E-Mail: daldwinc@uwaterloo.ca