# the outer one is "example.com" and the inner
# is "secure.example.com"
#
+ # Note that we do EQUALITY checks for realm names.
+ # There is no simple way to do case insensitive checks
+ # on internationalized domain names. On top of that,
+ # allowing outer "anonymous@EXAMPLE.COM" and inner
+ # "user@example.com" is just stupid. The user should
+ # enter the same realm for both inner and outer identities.
+ #
if (&Inner-Realm-Name && &Outer-Realm-Name && \
(&Inner-Realm-Name != &Outer-Realm-Name) && \
(&Inner-Realm-Name !~ /\.%{Outer-Realm-Name}$/)) {