cui-inner.post-auth and cui.post-auth

stefan.paetow at diamond.ac.uk stefan.paetow at diamond.ac.uk
Wed Jan 29 11:35:27 CET 2014


> The Operator-Name is controlled by the visited site, the CUI is
> generated to serve the visited site, if the visited site wants to
> complicate things by messing with the values of the Operator-Name, the
> authenticating site cannot do much about it nor it should care.

However, having the user's home site generating different CUI values because the visited site happens to have used for example '1diamond.ac.uk' on one server, and after an upgrade using '1DIAMOND.AC.UK', is not ideal either. If the Operator-Name is technically speaking case-insensitive, then it would make sense to normalise it in some sort or fashion to generate consistent CUIs regardless of casing of the visited site's Operator-Name.

IMHO anyway. :-)

Stefan

-- 
This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. 
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
 





More information about the Freeradius-Users mailing list