addition to policy.conf

Brian Candler B.Candler at pobox.com
Tue Jun 5 18:34:30 CEST 2012


On Mon, Jun 04, 2012 at 10:31:10PM +0200, Stefan Winter wrote:
> Hi,
> 
> > In that case though, I would be inclined to write a validation regexp
> > which fully matches the ABNF in RFC 2486.
> 
> Elsewhere in the thread I presented arguments why a full check is a bad
> idea.
> 
> Do you have arguments to back up your "inclinedness" or is it just a gut
> feeling?

Only a gut feeling of "either enforce RFC 2486, or don't". Anything else
seems to be a kludge to me.

Has anyone actually *measured* what proportion of their failed logins are
due to usernames containing two dots, or realms which start or end with a
dot, or the other things the OP's regexp tests rejected?


More information about the Freeradius-Devel mailing list