From 9eebebe0b40c6456fa974c744c48f07ed2f53f7f Mon Sep 17 00:00:00 2001 From: venaas Date: Wed, 23 May 2007 08:26:04 +0000 Subject: now uses regexp for realms including warnings that will be removed later git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@96 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.conf-example | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'radsecproxy.conf-example') diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 62d5836..6e1c055 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -33,6 +33,13 @@ TLSCertificateKeyPassword follow the white rabbit #also the lines above may be in any order, except that a realm #can only be configured to use a server that is previously configured. +#Also note that case insensitive regexp is used for realms, matching +#the entire username string. The matching is done in the order the +#realms are specified, using the first match found. Some examples are +#"@example\.com$", "\.com$", ".*" and "[a-z].*@example\.com$". +#To treat local users separately you might try first specifying "@" +#and after that ".*". + client 2001:db8::1 { type tls secret verysecret @@ -50,7 +57,7 @@ server 127.0.0.1 { type UDP secret secret } -realm eduroam.cc { +realm @eduroam\.cc$ { server 127.0.0.1 } @@ -64,16 +71,12 @@ server radius.example.com { secret verysecret } -realm example.com { +realm @example\.com$ { server 2001:db8::1 } -realm com { +realm \.com$ { server 2001:db8::1 } -# Matching of realms is done in the order specified. -# Except * which is a catch all that is used as a last resort -# The matching is going to be changed to be regexp of the -# entire username value -realm * { +realm .* { server radius.example.com } -- cgit v1.1