[RADIATOR] Two "@" in User-Name: first Realm is used

Michael ringo at vianet.ca
Tue Sep 16 12:36:56 CDT 2014


Maybe you could just check the username directly?
<Handler Username=/@(netcologne.de|netaachen.de)$/i>



Or maybe you just want to reject any username with 2 @ symbols first, 
and therefore should result in the realm check working how you want it to?
<Handler Username=/@.*@/>
     <AuthBy INTERNAL>
             Identifier AuthBy_REJECT
             DefaultResult REJECT
             RejectReason pre-defined REJECT.
     </AuthBy>
</Handler>




On 16/09/14 07:50 AM, Roland Rosenfeld wrote:
> Hi!
>
> I noticed the following problem:
>
> I have a
>
> <Handler Realm=/^net(cologne|aachen)\.de$/i>
>           ...
> </Handler>
>
> or alternatively
>
> <Realm /^net(cologne|aachen)\.de$/i>
>           ...
> </Realm>
>
> defined.  I expected those to match on user at netcologne.de and
> user at netaachen.de, but my logs show, that also user at netcologne.de@foo
> (with two @ signs in the User-Name) gets access here.
>
> I'd like to keep out users with multiple "@" signs in their
> User-Name.  Any idea how to enforce this?
>
> In the manual I found the difference between %R (everything following
> the _first_ @ sign in the User-Name) and %K (everything following the
> _last_ @ sign in the User-Name), so there seems to be some logic about
> multiple @ signs, but how can I use this for my Realm matching?
>
> Tschoeeee
>
>          Roland
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>



More information about the radiator mailing list