Maybe you could just check the username directly?
<Handler Username=/@(netcologne.de|netaachen.de)$/i>
Or maybe you just want to reject any username with 2 @ symbols first,
and therefore should result in the realm check working how you want it to?
<Handler Username=/@.*@/>
<AuthBy INTERNAL>
Identifier AuthBy_REJECT
DefaultResult REJECT
RejectReason pre-defined REJECT.
</AuthBy>
</Handler>
On 16/09/14 07:50 AM, Roland Rosenfeld wrote:
> Hi!
>
> I noticed the following problem:
>
> I have a
>
> <Handler Realm=/^net(cologne|aachen)\.de$/i>
> ...
> </Handler>
>
> or alternatively
>
> <Realm /^net(cologne|aachen)\.de$/i>
> ...
> </Realm>
>
> defined. I expected those to match on u...@netcologne.de and
> u...@netaachen.de, but my logs show, that also u...@netcologne.de@foo
> (with two @ signs in the User-Name) gets access here.
>
> I'd like to keep out users with multiple "@" signs in their
> User-Name. Any idea how to enforce this?
>
> In the manual I found the difference between %R (everything following
> the _first_ @ sign in the User-Name) and %K (everything following the
> _last_ @ sign in the User-Name), so there seems to be some logic about
> multiple @ signs, but how can I use this for my Realm matching?
>
> Tschoeeee
>
> Roland
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
