[Serdev] auth_radius module problems in pre39
Jan Janak
jan at iptel.org
Sat Jul 12 08:09:27 UTC 2003
On 12-07 01:18, Maxim Sobolev wrote:
> Operating system is FreeBSD 4.8. Please let me know what else do you
> need for debugging.
And architecture ? ia32 ?
> > Do you mean that To or From domain name is compared to realm ? This
> > comparison was introduced by Juha for multi-domain support. A request
> > must have To or From (depending on request type) domain same as the
> > digest realm value. The reason for this check is that a proxy can
> > handle multiple domain concurrently, in that case it is good to check
> > the domain and realm, otherwise users might use their credentials for
> > realm A to get access to realm B even if they have no credentials for
> > realm B.
>
> I see your point, but for single realm configurations can we provide a
> config option which will disable this check?
Yes, we can make it a configurable option, but is that really
necessary ? I mean, the realm is just a string that should be
displayed to the user and that the proxy uses to find the
corresponding credentials.
Before I make it a configurable option, what exactly do you need to
achieve that it is not possible with the check ?
Jan.
More information about the Serdev
mailing list