Note policy for filtering user names

author Alan T. DeKok <aland@freeradius.org>

Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)
author Alan T. DeKok <aland@freeradius.org>
Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)
diff --git a/raddb/sites-available/default b/raddb/sites-available/default

index 7455e80..20c72ac 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -68,6 +68,17 @@
  #  need to setup hints for the remote radius server
  authorize {
         #
+       #  Security settings.  Take a User-Name, and do some simple
+       #  checks on it, for spaces and other invalid characters.  If
+       #  it looks like the user is trying to play games, reject it.
+       #
+       #  This should probably be enabled by default.
+       #
+       #  See policy.conf for the definition of the filter_username policy.
+       #
+#      filter_username
+
+       #
         #  The preprocess module takes care of sanitizing some bizarre
         #  attributes in the request, and turning them into attributes
         #  which are more standard.
author	Alan T. DeKok <aland@freeradius.org>
	Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)