So which id are you talking about? if its the outer and the user has configured the machine correctly, all you're going to see is @realm - not much use other than "it's that institution" if its the inner then o.k. you've got a realm from the outer user-name and a userid from the inner but any accounting will be dumped locally. if its the inner and you've got a realm then you've got your userid to hand over and all the accounting should go back to the home institution … or have I got that wrong? Rgds A On 18 Apr 2013, at 16:47, Brian Julin <BJulin@clarku.edu> wrote:
Nick Lowe wrote: I would have thought that it is perfectly reasonable to return the identity back in the case you have roaming federations as long as it was an agreed requirement beforehand. I am of the opinion that this -should- be mandated as part of Eduroam, for example.
I'd have to disagree. We don't want to know anything about eduroam guest users other than an ID which to hand authorities which they can use to investigate with the home institution. The less we know, the less work we have to do when we get a subpoena.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html