Normalising the User-Name AVP in an Access-Accept
Alex Sharaz
alex.sharaz at york.ac.uk
Thu Apr 18 18:00:09 CEST 2013
So which id are you talking about?
if its the outer and the user has configured the machine correctly, all you're going to see is @realm - not much use other than "it's that institution"
if its the inner then o.k. you've got a realm from the outer user-name and a userid from the inner but any accounting will be dumped locally.
if its the inner and you've got a realm then you've got your userid to hand over and all the accounting should go back to the home institution
… or have I got that wrong?
Rgds
A
On 18 Apr 2013, at 16:47, Brian Julin <BJulin at clarku.edu> wrote:
>
>> Nick Lowe wrote:
>> I would have thought that it is perfectly reasonable to return the
>> identity back in the case you have roaming federations as long as it
>> was an agreed requirement beforehand.
>> I am of the opinion that this -should- be mandated as part of Eduroam,
>> for example.
>
> I'd have to disagree. We don't want to know anything about eduroam
> guest users other than an ID which to hand authorities which they can
> use to investigate with the home institution. The less we know, the
> less work we have to do when we get a subpoena.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list