Hi, On Sun, Oct 03, 2010 at 08:56:06PM +0200, Carlos Soto wrote: > If a server is configured with auth-user-pass-optional and > username-as-common-name it is possible that the auth-user-pass-verify script > will validate a connection with no username as it is optional. It that case > the common_name becames blank and client-connect script may fail because it > does not have a value for the common name. I think that the common name > should never be blank so in cases where the username is blank and the > username-as-common-name option is enabled, the common_name should keep its > original value.
I'd NAK that. This would be surprising behaviour - if the admin configures
"username-as-common-name" he doesn't want "sometimes user name, sometimes
common name".
If the user name is blank, it's blank, and if that's copied to common_name,
a blank "common_name" field is the behaviour I would expect to see.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpcZgwfG_qJy.pgp
Description: PGP signature
