Routing new RFC7542-style realms

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Sun Oct 2 13:32:51 CEST 2016


Sooo, 

I'm looking at how to configure FreeRADIUS to be able to handle
RFC7542-style usernames (i.e.
"realhome.realm!username@intermediate.realm"). At the same time, that same
FreeRADIUS server must be able to handle the standard RFC4282 NAI, and
authenticate NAIs that are local to it. The inner identity obviously
remains the standard NAI for the real home realm, unless someone else has
a better idea:

Scenario 1: Outer = username@intermediate.realm. Authenticate locally at
'intermediate.realm'.
Scenario 2: Outer = realhome.realm!username@intermediate.realm. Route on
to 'realhome.realm'. Authenticate locally at 'realhome.realm'.

Scenario 1 works just fine... But Scenario 2?

I can define a prefix/suffix that works on the bang (!), so I can handle
one or the other... But not both?

Alan D, since RFC7542 is your baby, how do we do this? I'd love to know
this. :-)


Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT
No. GB 197 0632 86. Jisc's registered office is: One Castlepark, Tower
Hill, Bristol, BS2 0JA. T 0203 697 5800.
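
The routing decision for the two scenarios in the post above, as an added Python example that is not part of the original message and is not FreeRADIUS configuration. The names route and allowed_next_hops, the allow-list check on the client-chosen next hop, and the rewrite of the forwarded name to username@realhome.realm are assumptions; the sample identities are constructed from the post's placeholder realms.

```python
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    action: str                 # "local", "proxy" or "reject"
    next_realm: Optional[str]   # where to forward when action == "proxy"
    user_name: Optional[str]    # User-Name to authenticate or forward


REJECT = Decision("reject", None, None)


def route(nai: str, local_realm: str, allowed_next_hops: frozenset) -> Decision:
    """Decide what the server for local_realm does with an outer identity."""
    # The realm is whatever follows the last "@".
    user_part, sep, realm = nai.rpartition("@")
    if not sep or not user_part or not realm:
        return REJECT
    realm = realm.lower()
    if realm != local_realm.lower():
        # Addressed to another realm: ordinary realm proxying, name unchanged.
        return Decision("proxy", realm, nai)
    labels = user_part.split("!")
    if any(label == "" for label in labels):
        return REJECT                       # "!user@", "a!!b@", "a!@"
    if len(labels) == 1:
        # Scenario 1: plain NAI for this realm, authenticate here.
        return Decision("local", None, nai)
    # Scenario 2: the first bang label is the next hop and becomes the realm.
    next_hop = labels[0].lower()
    if next_hop not in allowed_next_hops:
        return REJECT                       # client-chosen route not permitted
    rewritten = "!".join(labels[1:]) + "@" + next_hop
    return Decision("proxy", next_hop, rewritten)


if __name__ == "__main__":
    hops = frozenset({"realhome.realm"})    # constructed allow-list
    for name in ("username@intermediate.realm",
                 "realhome.realm!username@intermediate.realm",
                 "other.example!username@intermediate.realm"):
        print(name, "->", route(name, "intermediate.realm", hops))
```

Because the part before the bang is supplied by the client, the allow-list keeps a user from steering requests to a realm the intermediate server has no relationship with.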








More information about the Freeradius-Users mailing list