(RADIATOR) Having "UsernameMatchesWithoutRealm" works in DIGIPASS authentication

SCHELL Jérôme (Ext ASTEK) ext.astek.jerome.schell at sncf.fr
Thu Mar 1 10:13:11 CST 2007


Hello,

We are in the process of evaluating Radiator for our authentication service.
We are using VASCO DIGIPASS and a global LDAP directory.
I am currently using the default realm functionnality of Radiator at the NAS level to decide of the authentication method for the user.
Nevertheless I don't want DIGIPASS lookups in the LDAP directory to include the realm (the @realm part), so I specify the "UsernameMatchesWithoutRealm" parameter in my AuthBy section.
Unfortunately this doesn't work. The lookup for the LDAPDIGIPASS module is using the username at realm form.

After looking at the code (thanks Perl :) ) I made some modifications that seems to solve the problem. You will find attached the patch on Radius/AuthDIGIPASSGeneric.pm.
I don't know if this modification affects other part of the product.

Does anybody knows if there is another way of doing the realm strip from the username for LDAPDIGIPASS authentication?

Best regards,
-- 
Jérôme Schell
SNCF - DSIT XIF/IN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuthDIGIPASSGeneric.pm.diff
Type: application/octet-stream
Size: 736 bytes
Desc: AuthDIGIPASSGeneric.pm.diff
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070301/5d74ba76/attachment.obj>


More information about the radiator mailing list