Alexander Clouter wrote: > I got those :alpha:-n-chums actually working and tested them with a > bunch of test cases; they definitely seem to be doing what I would > expect...well unless the realm has a space in it :)
Odd... > Ignoring the 'space', the fact that there is not '.' in the Globalsign > realms should have caused it to be rejected, which to me rules out the > 'alnum'/'alpha' bits surely? No idea. I'd have to figure out the regex, and I don't have time for that. > I never understood why eduroam just didn't use SRV records against > the realm to find the RADIUS server and a DNS based whitelist to > validate which realms were part of the community. :-/ It's hard. Once FreeRADIUS gets SRV support... > The only complication I can see is the Message-Authenticator I think, > however I would imagine the .ac.uk community can dig into the sofa for > some loose change to hire some FreeRADIUS consultant...if he is not too > busy lying with his feet kicked up in France with fresh food and good > wine :) I'm in Canada right now. Cold... wintry... good beer. But RadSec and/or DTLS should solve much of the security issues. > At this point I would imagine the eduroam world will descend upon me > saying "the world is not 'a' FreeRADIUS", to which I reply "then you > will not be part of it" if you are too lazy to configure a 'dumb' > standalone FreeRADIUS proxy :) > > However, I am just a network monkey, no one listens to me :) You said something? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html