Re: Login anomaly or security issue?

John Storms (jstorms@livingston.com)
Fri, 25 Jul 1997 08:01:46 -0700

In RADIUS 2.0 the username is truncated after the first space. RADIUS
2.0.1 instead rejects any user containing spaces in the name.

http://www.livingston.com/Tech/Docs/Release/radius201.shtml
Livingston RADIUS SERVER 2.0.1 Release, May 27, 1997
...
Before upgrading, read the WARNING below that usernames with spaces are now
rejected, instead of treated as if the spaces were not present.
...
User-names with spaces in them are now rejected, instead of being truncated
at the space and then compared. The problem with just truncating is that
the accounting records would include the space in the username, so unless
accounting scripts were carefully written the users "fred" "fred " and
"fred baker" were all treated differently. In RADIUS 2.0, all three of
those would be authenticated as "fred". In RADIUS 2.0.1 the first will be
authenticated as "fred" and the second and third will be rejected.

WARNING! If you depended on the previous behavior of truncating usernames
at the first space, do not upgrade to this release. Wait for the source
release so you can modify the code.

At 08:59 AM 7/25/97 -0500, Jason Robbins wrote:
>A user, let's call him 'joe' accidentally logged in yesterday with his
>username, a space and his lastname, 'joe last'. He authenticated
>just fine, and a show session listed him as 'joe last', as did the detail
>file. We are using radius, system authentication to a linux box.
>Haven't checked yet to see if I can log into linux as 'joe testguy'
>(but I seriously doubt it). I don't know if this is a security
>issue, but at the very least, it makes examining the detail file a
>little more difficult.

---
jstorms@livingston.com
Diplomacy:  The art of saying good doggie
while searching for a big rock.
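
Added example, not part of the original message and not Livingston's code: a small audit that groups the User-Name values logged in accounting records by the name RADIUS 2.0 would have authenticated (truncated at the first space), and reports how 2.0.1 would treat each spelling. The record layout and sample data are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of an accounting "detail" file (assumed
# layout: timestamp line, indented attribute lines, blank line per record).
SAMPLE_DETAIL = '''\
Fri Jul 25 08:59:02 1997
\tUser-Name = "fred"
\tAcct-Status-Type = Start

Fri Jul 25 09:03:40 1997
\tUser-Name = "fred "
\tAcct-Status-Type = Start

Fri Jul 25 09:10:11 1997
\tUser-Name = "fred baker"
\tAcct-Status-Type = Start

Fri Jul 25 09:12:30 1997
\tUser-Name = "joe"
\tAcct-Status-Type = Start
'''

USER_RE = re.compile(r'^\s*User-Name = "(.*)"\s*$')

def auth_name_2_0(name):
    """RADIUS 2.0 behaviour per the release note: truncate at the first space."""
    return name.split(" ", 1)[0]

def accepted_2_0_1(name):
    """RADIUS 2.0.1 behaviour per the release note: reject names with spaces."""
    return " " not in name

def audit(detail_text):
    """Map each authenticated name to the raw spellings logged for it."""
    groups = defaultdict(set)
    for line in detail_text.splitlines():
        m = USER_RE.match(line)
        if m:
            groups[auth_name_2_0(m.group(1))].add(m.group(1))
    # Keep only groups where at least one logged spelling contains a space.
    return {k: sorted(v) for k, v in groups.items()
            if any(" " in n for n in v)}

if __name__ == "__main__":
    for auth, raw in audit(SAMPLE_DETAIL).items():
        for n in raw:
            verdict = "accept" if accepted_2_0_1(n) else "reject"
            print(f"{auth!r} <- {n!r}: 2.0.1 would {verdict}")
```

Run against a real detail file by passing its contents to `audit()`; any name it returns is one where accounting totals keyed on the raw User-Name string will be split across several spellings of the same account.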