Note policy for filtering user names

author Alan T. DeKok <aland@freeradius.org>

Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)
author Alan T. DeKok <aland@freeradius.org>
Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)
diff --git a/raddb/sites-available/default b/raddb/sites-available/default

index 7455e806c5c9bd01b28af3cd894ecdeaaca273d4..20c72ac64b34233fe4a274689d08251f361fa444 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -67,6 +67,17 @@
  #  Make *sure* that 'preprocess' comes before any realm if you 
  #  need to setup hints for the remote radius server
  authorize {
+       #
+       #  Security settings.  Take a User-Name, and do some simple
+       #  checks on it, for spaces and other invalid characters.  If
+       #  it looks like the user is trying to play games, reject it.
+       #
+       #  This should probably be enabled by default.
+       #
+       #  See policy.conf for the definition of the filter_username policy.
+       #
+#      filter_username
+
         #
         #  The preprocess module takes care of sanitizing some bizarre
         #  attributes in the request, and turning them into attributes
author	Alan T. DeKok <aland@freeradius.org>
	Mon, 29 Aug 2011 14:03:11 +0000 (10:03 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 29 Aug 2011 14:03:47 +0000 (10:03 -0400)