Graham Leggett wrote: > That wasn't quite what I was after, but rather a generic way to ensure the > User-Name matches either dnsName or rfc822Name in the subjectAltName, > depending on whether the peer was a host or a person. > > Turned out the patch to implement this was simple, for > freeradius-server-master:
I'd prefer a patch which creates an attribute, just like the TLS-Cert-* attributes. The reason is that policies can be created by the administrator. A hard-coded check is likely more code and less flexible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
