"TS" <tony@thewordzone.co.uk> wrote:
The object is to not to have to configure any realms as local.
That conflicts directly with your requirement to allow users to log in as "user" or "user@realm".
If I have a user whose username is user1@arealm.com I can easily specify arealm.com as local. But if by mistake the user types the username as user1@brealm.com auth will just fail because the realm isn't specified in proxy.conf.
Then you can't use realms. You've got to configure a module to strip out everything after the "@" sign. The 'realms" module, and proxy.conf are meant to deal with known realms. If you want to deal with unknown realms, you have to use something else.
If not then authenticate it locally no matter what the realm is but before authenticating it strip off the realm and just use everything before the @ sign as the username.
Then configure it to do that, but you can't use realms. You'll have to use another module to re-write the username for the packets that aren't proxied. The simplest thing for you to do might be to create a wildcard realm by modifying rlm_realm. Alan DeKok.