addition to policy.conf
Brian Candler
B.Candler at pobox.com
Sat Jun 2 22:34:17 CEST 2012
On Fri, Jun 01, 2012 at 07:47:24PM +0100, alan buxey wrote:
> a little something that I've been meaning to send out for a while. basically, a small
> addition to policy.conf (that probably could do with a few little extra additions) that will
> allow sites to easily check for NAI 4282 compliance
Which appears to be buggy:
> # Realm begins with a dot e.g. user at .site.com
> #
> if (User-Name !~ /@\\./) {
> update reply {
> Reply-Message = "misconfigured client. Realm begins with a dot"
> }
> reject
> }
Unless I am mistaken, that code will reject users whose realm *doesn't*
start with a dot.
There are also a number of simplifications possible, e.g.
> if(User-Name =~ /@(.+)?@/i ) {
could be more directly written as:
> if(User-Name =~ /@.*@/ ) {
HTH,
Brian.
More information about the Freeradius-Devel
mailing list