[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue 79; digest-auth realm validation
Here's a complete text proposal:
The RADIUS server MUST check if the user identified by the User-Name
o is authorized to access the protection space defined by the
Digest-URI and Digest-Realm attributes,
o is authorized to use the URI included in the SIP-AOR attribute, if
this attribute is present.
If any of those checks fails, the RADIUS server MUST send an
Correlation between User-Name and SIP-AOR AVP values is required just
to avoid that any user can register or misuse a SIP-AOR allocated to
A RADIUS server MUST check if the RADIUS client is authorized to
serve users of the realm mentioned in the Digest-Realm attribute. If
the RADIUS client is not authorized, the RADIUS server sends an
Access-Reject. The RADIUS server considers this client as
compromised. It notifies the operator and rejects all future
requests from this client, until some management action tells it to
do so again.
Please send me a note if you have objections/additions about this text so
we can close the issue.
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.