regex 'fun'
Alan DeKok
aland at deployingradius.com
Tue Nov 3 22:51:30 CET 2009
Alexander Clouter wrote:
> I got those :alpha:-n-chums actually working and tested them with a
> bunch of test cases; they definitely seem to be doing what I would
> expect...well unless the realm has a space in it :)
Odd...
> Ignoring the 'space', the fact that there is not '.' in the Globalsign
> realms should have caused it to be rejected, which to me rules out the
> 'alnum'/'alpha' bits surely?
No idea. I'd have to figure out the regex, and I don't have time for
that.
> I never understood why eduroam just didn't use SRV records against
> the realm to find the RADIUS server and a DNS based whitelist to
> validate which realms were part of the community. :-/
It's hard. Once FreeRADIUS gets SRV support...
> The only complication I can see is the Message-Authenticator I think,
> however I would imagine the .ac.uk community can dig into the sofa for
> some loose change to hire some FreeRADIUS consultant...if he is not too
> busy lying with his feet kicked up in France with fresh food and good
> wine :)
I'm in Canada right now. Cold... wintry... good beer.
But RadSec and/or DTLS should solve much of the security issues.
> At this point I would imagine the eduroam world will descend upon me
> saying "the world is not 'a' FreeRADIUS", to which I reply "then you
> will not be part of it" if you are too lazy to configure a 'dumb'
> standalone FreeRADIUS proxy :)
>
> However, I am just a network monkey, no one listens to me :)
You said something?
Alan DeKok.
More information about the Freeradius-Users
mailing list