a.l.m.bu...@lboro.ac.uk wrote:
> does this fix mean that TTLS and PEAP get the inner identity copied
> correctly so there is no more need for
>
> update outer.reply {
> User-Name = "%{User-Name}"
> }
That's still needed. The question is what do you want the server to
do. Always over-ride the outer name with the inner one? If so, why is
the outer one "anonymous", and the inner one "u...@realm"?
i.e. "anonymous" is being used to hide the inner name... which
promptly gets exposed with that rule. Is this a good idea?
What else could be done to be secure, but also useful?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
