Spaces in the end of User-Name.
Alexander Clouter
alex at digriz.org.uk
Wed Jan 19 09:54:11 CET 2011
admin <bp at iptv.by> wrote:
>
>>> What i must to specify in a config file of freeradius2 that in each
>>> request before its further handling it automatically deleted spaces
>>> in the end of %{User-Name}?
>>
>> You need to write a custom rule in "unlang".
>
> Something of type such this?
>
> if ("%{User-Name}"=~/([a-zA-Z0-9_.]+)\s+$/i) {
> %{User-Name}=%{1}
> }
>
> Where it is necessary to insert it in config file that User-Name changed
> globally before any actions with it?
>
No, that's incorrect...I am also not going to help you hang yourself by
giving you the answer :)
>> However... my $0.02 is that you shouldn't. Instead, if you see a
>> User-Name with spaces, *reject* it. The user is trying to play
>> games.
>
> Yes, but it creates many questions from users.
>
It creates even more problems for you later on down the line. There
will be times when you will be unable to strip the whitespace (maybe you
auth straight against LDAP, say Apache doing group membership checks
against LDAP...the whitespace will *kill* you) from a username and those
users stuck in the habit of putting spaces in usernames will come back
and haunt you.
Best to make it work only if you do things correctly.
Ideally you should do something like:
----
authorization {
[snipped]
if (User-Name =~ /^\s/ || User-Name =~ /\s$/) {
update reply {
Reply-Message := "Remove spaces from User-Name"
}
reject
}
[snipped]
}
----
Hopefully your environment enables that message to get back to the user.
Cheers
--
Alexander Clouter
.sigmonster says: If you can't understand it, it is intuitively obvious.
More information about the Freeradius-Users
mailing list