8 Jan
2012
8 Jan
'12
3:28 p.m.
Graham Leggett wrote:
That wasn't quite what I was after, but rather a generic way to ensure the User-Name matches either dnsName or rfc822Name in the subjectAltName, depending on whether the peer was a host or a person.
Turned out the patch to implement this was simple, for freeradius-server-master:
I'd prefer a patch which creates an attribute, just like the TLS-Cert-* attributes. The reason is that policies can be created by the administrator. A hard-coded check is likely more code and less flexible. Alan DeKok.