[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Questions on RADIUS Extended attributes
"Nelson, David" <email@example.com> wrote:
> By "list of such attributes", do you mean a sequence comprising an
> initial attribute and continuation (concatenation) attributes? I was
> thinking that removing one or more continuation attributes from the
> middle of a sequence would be very bad.
Yes, and yes.
But most proxies either (1) forward everything unchanged, or (b)
implement local policy.
> Mangling by whom? Noticed by whom? It would certainly seem to me that
> the NAS or the Server would notice!
A proxying server that implements local policy enforcement has no
business forwarding attributes it doesn't understand.
A proxying server that does nothing more than routing or aggregation
has no business changing the policies it's transporting.
A NAS that expects Extended-Type has a trust relationship with a
local RADIUS server. If that server doesn't understand Extended-Type,
it (a) won't send Extended-Type to the NAS, or (b) has no business
forwarding Extended-Type from a home server to the NAS.
> Tagging would support grouping, but not nested grouping. Do we think
> that single-level grouping is sufficient to solve the "80% problem"?
I believe so.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.