[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Follow up on Authorize Only issue

To: isms@ietf.org, radiusext@ops.ietf.org
Subject: RE: Follow up on Authorize Only issue
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Fri, 21 Jul 2006 23:57:53 -0700
Bcc:
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE5022D0EBB@xmb-sjc-225.amer.cisco.com>

The security implications of unrestricted access to *any* user attributesare fairly severe.

For example, should a NAS be able to retrieve the Tunnel-Password attributeof any user, regardless of whether they are connected?


There are also VSAs that contain sensitive information.

The Call-Check Service typically provides very little information in theAccess-Accept (all that is needed is whether to accept or reject the call)so there is minimal leakage.

If this is allowed, it should follow the principle of "least privilege",only providing the attributes relevant to SSH.

For the SSHSM usage case, the question is whether it is an
unacceptable security risk for a trusted NAS to be able to obtain
authorization information about a user that is not actually
"present"  at the NAS?




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Follow up on Authorize Only issue
  - From: "Alan DeKok" <aland@nitros9.org>

References:
- RE: Follow up on Authorize Only issue
  - From: "Joseph Salowey \(jsalowey\)" <jsalowey@cisco.com>

Prev by Date: RE: Follow up on Authorize Only issue
Next by Date: Re: Follow up on Authorize Only issue
Previous by thread: RE: Follow up on Authorize Only issue
Next by thread: Re: Follow up on Authorize Only issue
Index(es):
- Date
- Thread