2 # Example of forbidding all attempts to login via
6 if (&User-Name && (&User-Name =~ /@|\\/)) {
14 # Force some sanity on User-Name. This helps to avoid issues
15 # issues where the back-end database is "forgiving" about
16 # what constitutes a user name.
24 # reject mixed case e.g. "UseRNaMe"
26 #if (&User-Name != "%{tolower:%{User-Name}}") {
31 # reject all whitespace
32 # e.g. "user@ site.com", or "us er", or " user", or "user "
34 if (&User-Name =~ / /) {
36 &Reply-Message += 'Rejected: Username contains whitespace'
43 # e.g. "user@site.com@site.com"
45 if (&User-Name =~ /@.*@/ ) {
47 &Reply-Message += 'Rejected: Multiple @ in username'
54 # e.g. "user@site..com"
56 if (&User-Name =~ /\.\./ ) {
58 &Reply-Message += 'Rejected: Username contains ..s'
64 # must have at least 1 string-dot-string after @
65 # e.g. "user@site.com"
67 if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
69 &Reply-Message += 'Rejected: Realm does not have at least one dot separator'
75 # Realm ends with a dot
76 # e.g. "user@site.com."
78 if (&User-Name =~ /\.$/) {
80 &Reply-Message += 'Rejected: Realm ends with a dot'
86 # Realm begins with a dot
87 # e.g. "user@.site.com"
89 if (&User-Name =~ /@\./) {
91 &Reply-Message += 'Rejected: Realm begins with a dot'
98 # Filter the User-Password
100 # Some equipment sends passwords with embedded zeros.
101 # This poliocy filters them out.
104 if (&User-Password &&
105 (&User-Password != "%{string:User-Password}")) {
107 &Tmp-String-0 := "%{string:User-Password}"
108 &User-Password := "%{string:Tmp-String-0}"