filter_inner_identity
Rodrigo Prieto
rodrigoprieto2019 at gmail.com
Wed Jun 11 20:53:52 UTC 2025
Thanks, Alan, for your help.
On Wed, 11 Jun 2025 at 17:11, Alan DeKok via Freeradius-Users (<
freeradius-users at lists.freeradius.org>) wrote:
> On Jun 11, 2025, at 3:46 PM, Rodrigo Prieto <rodrigoprieto2019 at gmail.com>
> wrote:
> > Hi, I’m configuring TTLS+PAP and I have some doubts about how to hide
> > users' identities.
>
> Use "anonymous" for the outer identity, or if you're providing somewhere a
> domain name as @example.com
>
> > The configuration in the filter file rejects the request if the user
> > doesn’t use the word “anon”, but if I use anonrprieto as the outer
> > identity and rprieto as the inner identity, obviously it doesn’t reject
> > it and the inner identity gets exposed.
>
> So change the rule to check for "anonymous". The rules are text, and
> are editable.
>
> > Is there any way to protect against this, or is it unnecessary?
>
> You decide if it's necessary.
>
> In general, this kind of filtering is most important when the packets
> are being proxied outside of your local network. If you're not proxying,
> it doesn't matter.
>
> Alan DeKok.
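As an added example (not part of the original messages and not FreeRADIUS's own policy code), this Python code contrasts the "contains anon" check described in the thread with an exact-match check on the outer identity. The function names and the accepted forms (`anonymous`, `anonymous@realm`, `@realm`) are assumptions for illustration.

```python
def split_nai(identity):
    """Split 'user@realm' into (user, realm); realm is '' when absent."""
    user, _, realm = identity.partition("@")
    return user.lower(), realm.lower()

def loose_rule(outer):
    """Model of the rule as described in the thread: accept if 'anon' appears."""
    return "anon" in split_nai(outer)[0]

def strict_rule(outer):
    """Assumed stricter rule: user part is exactly 'anonymous',
    or empty when a realm is present ('@realm')."""
    user, realm = split_nai(outer)
    if user == "anonymous":
        return True
    return user == "" and realm != ""

def leaks_inner(outer, inner):
    """True when the inner user name is visible inside the outer user part."""
    inner_user = split_nai(inner)[0]
    return bool(inner_user) and inner_user in split_nai(outer)[0]

def audit(pairs):
    """Evaluate each (outer, inner) pair under both rules."""
    return [
        {
            "outer": outer,
            "loose": loose_rule(outer),
            "strict": strict_rule(outer),
            "leak": leaks_inner(outer, inner),
        }
        for outer, inner in pairs
    ]

# Constructed sample pairs; 'anonrprieto' / 'rprieto' is the case from the thread.
SAMPLES = [
    ("anonymous", "rprieto"),
    ("anonymous@example.com", "rprieto"),
    ("@example.com", "rprieto"),
    ("anonrprieto", "rprieto"),
    ("rprieto", "rprieto"),
]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```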