Re: Implementation Survey: How does your EAP peer/RADIUS proxy handle internationalization?

[Bernard Aboba <aboba@internaut.com>]

> Which is difficult, especially since the locale information isn't
> sent in the RADIUS packet.  Without that, I'm not sure how to use
> stringprep properly to get better string comparisons.

Right.  Is this something we should try to fix, or just leave alone?

>   As an implementor, my inclination is to avoid the whole issue as it
> relates to software, and push it back to the users and administrators.
>
>   That is, get them to type in the strings (names, realms, etc.) as
> opaque tokens which have to be entered in one "normal" form.

I guess this makes sense.  The user has to know how the administrator set
up their account if they hope to be able to authenticate successfully.
This includes understanding exactly how the NAI was internationalized.

> Precedent exists for this request, in the Windows warning messages
> about "you must have capslock off...", which tells the user that what
> *they* think of as equivalent strings are not, and the strings must
> always be entered as exactly the same set of characters.
>
>   I don't recall hearing that this was an issue for FreeRADIUS, and
> it's used in many, many internationalized configurations.

I don't recall hearing complaints about Microsoft IAS either.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>