"Lon R. Stockton, Jr." wrote:
>
> On Sun, 31 Oct 1999, Chris M wrote:
>
> > I'd like to strip leading characters including \ for users that are
> > using NT Domains and don't understand what they are doing on dialup :)
> >
> > So WORKGROUP\myname should be rewritten to myname.
>
> Off the top of my head....
>
> RewriteUsername s/^.*\\(.*)/$1/
>
> And if you insist on stripping the (nonexistant or incorrect) trailing
> spaces as well....
>
> RewriteUsername s/^.*\\(.*)\s*$/$1/
>
> > Here is what I have so far, this might be helpful to others also:
> >
> > <Realm mydomain.com>
> > # Strip leading white space
> > RewriteUsername s/^\s+//
> > # Strip trailing white space
> > RewriteUsername s/\s+$//
> > # turn into lowercase and chop domain
> > RewriteUsername tr/A-Z/a-z/
> > RewriteUsername s/^([^@]+).*/$1/
> > # attempt to strip leading \ and characters up to it (no workee, help)
> > RewriteUsername s/^(\\+).*//
>
> Remember that Regex matching in general (and RewriteUsername in specific)
> is slooowwwwww. You certainly want to cut down on the number of rewrite
> statements. For example, the first two you list could be done with one
> regex... "s/^\s*(.*)\s*$/$1/". On the other hand, I'd first make sure
> that you need to do that anyway; I've never seen leading and trailing
> spaces coming in on the username field, so that'd just be slowing it down
> for nothing in my case. In any case, both of the ones I tossed out at
> the top will strip leading spaces, and the second will strip trailing
> spaces (of course, only if a "\" is in the string to begin with).
>
> I'd suggest something like this for what you appear to want:
>
> # rewrite domain\username to username
> RewriteUsername s/^.*\\(.*)/$1/
> # rewrite username@domain to username
> RewriteUsername s/^(.*)\@.*/$1/
> # promote user lameness and increase security risks
> RewriteUsername tr/[A-Z]/a-z/
If you're worried about performance, you shouldn't use backreferences
(meaning $1 substitutions). They are completely unneeded in the above
expressions anyway. To answer the original request, the following
will strip any "xxx\" prefix, any "@xxx" suffix, and any leading or
trailing spaces:
# make life easier for our customers
RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g
# accommodating them is how we make a living
RewriteUsername tr/[A-Z]/a-z/
I don't understand the comment about increasing security risks. User
IDs aren't generally considered secret, as they are typically the same
as the user's email address. Relying on unusual capitalization of them
would be an odd approach to security, which would be better served by
increasing the password one character, which offers a similar increase
in security (about 6 bits) without confusing users.
I am all for making things easier for customers and myself. These are
good ideas I hadn't thought about. A quick check of my logs shows it
may save me about 1% of bad logins, too, which isn't a bad return for
five minutes' effort.
If you are so concerned about performance that you're afraid to do
things like this, you either shouldn't be running a RADIUS server
written in Perl, or you shouldn't be running on a 386. If you were to
profile Radiator, you would find these rewrites to be of trivial
impact.
Thanks,
Dave
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
