[freeside] export

Fri Jan 4 15:11:26 PST 2002

Dave Burgess <burgess at mitre.org> wrote on Fri, 04 Jan 2002 15:57:27 -0600....

+----------
| Message-ID: <3C362547.60733452 at mitre.org>
| References: <20020104190226.209C032E54 at cmheleu.cmh.net>
| Subject: Re: [freeside] export
| 
| Jeff Finucane wrote:
| 
| This is a general purpose warning from PERL.  It doesn't like to have a new variable
| suddenly appear in scope on the RHS.  $vpopdir is probably not getting initialized in
| scope unless the conf file exists.  I think that initializing the variables around line 81
| in that file would probably fix the warning.
+----------

  I see my production code includes 'if $vpopmailmachines[0]' in a sprinkling
of places.  CVS update forthcoming.

+----------
| I think the domain conf file has been deprecated in the 1.4.0pre7 code.
+----------

  The reference is meant for backwards compatibility.

+----------
| >   Perhaps there should be an '@' in the code at line 289.
| >
| >   $username=$svc_acct->username . '@' . $svc_domain->domain;
| >
| >   would cause 'joe at domain.com' to appear in the radius tables.
| >
| >   If you have other ideas about the username_policy behavior, I'd be
| > interested in hearing of them.  Clearly duplicate usernames in the
| > radius tables would be a bad thing.
| 
| I can't find a ready reference on what constitutes a valid username in a RADIUS file.
| 
| I think that would break RADIUS.  The syntax for the RADIUS file is the username (usually
| sans domain) followed by the Check Items on the same line, followed by the set items in
| the rest of the file.  I haven't looked at the code yet, but I have been working with
| RADIUS files for a long time.  I think the idea is that the username with the domain name
| concatenated is a reasonable way to identify multiple users from multiple domains.
| However it happens, the user probably needs to log in with the domain name on the end.
| 
+----------

 The original message referenced the tables for ICRadius support.  ICRadius
is not broken by '@' in usernames.  I would suggest not having local domains
overlap remote realms :|

  According to RFC2865 the username attribute MAY contain an '@' ...
in fact it MAY contain a lot of weird stuff...  text containing UTF-8
encoded 10646 characters, a network access identifier as described in 
RFC2486, or a distinguished name in ASN.1 form.  

  I am failing to see how radius breaks.  Please enlighten me.

-- 
jeff at cmh.net

"There is no worse tyranny than to force a man to pay for what he does
 not want merely because you think it would be good for him." 

 Professor Bernardo de le Paz
  [ R.A. Heinlein -- "The Moon is a Harsh Mistress" ]