[RADIATOR] Simple Question Regarding Realm Handling
Ullfig, Roberto Alfredo
rullfig at uic.edu
Thu Jan 6 15:37:02 UTC 2022
We are now using UsernameMatchesWithoutRealm whereas before we required the domain not be included.
<Handler ConvertedFromEAPMSCHAPV2=1>
...
<AuthBy NTLM>
UsernameMatchesWithoutRealm
DefaultDomain AD
</AuthBy>
But I believe this will strip remote domains as well - so someone could enter a remote domain and it would still work (as long as they have an account locally of course). Would adding a new handler above like the following fix this?
<Handler ConvertedFromEAPMSCHAPV2=1 Realm=/^(?:.+\.)*uic\.edu$/i>
...
<AuthBy NTLM>
UsernameMatchesWithoutRealm
DefaultDomain AD
</AuthBy>
We want to allow both username and username at uic.edu - but not accept something like username at usa.gov.
---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20220106/d392d066/attachment-0001.html>
More information about the radiator
mailing list