addition to policy.conf
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Jun 5 19:19:57 CEST 2012
At least RFC 4282 which takes over the one you stated.
I still believe it is good to separate it out to comprehensible checks as that will allow further enhancements/future changes to be trivial...and for less skilled admin to understand what it does
On a bad day, more than 60% of our failed logins are due to duff realms with non-real format :(
alan
----- Reply message -----
From: "Brian Candler" <B.Candler at pobox.com>
Date: Tue, Jun 5, 2012 18:35
Subject: addition to policy.conf
To: "FreeRadius developers mailing list" <freeradius-devel at lists.freeradius.org>
On Mon, Jun 04, 2012 at 10:31:10PM +0200, Stefan Winter wrote:
> Hi,
>
> > In that case though, I would be inclined to write a validation regexp
> > which fully matches the ABNF in RFC 2486.
>
> Elsewhere in the thread I presented arguments why a full check is a bad
> idea.
>
> Do you have arguments to back up your "inclinedness" or is it just a gut
> feeling?
Only a gut feeling of "either enforce RFC 2486, or don't". Anything else
seems to be a kludge to me.
Has anyone actually *measured* what proportion of their failed logins are
due to usernames containing two dots, or realms which start or end with a
dot, or the other things the OP's regexp tests rejected?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20120605/76c7e93d/attachment.html>
More information about the Freeradius-Devel
mailing list