[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: rfc2486bis
Jari, Stefaan and all,
Please see questions inline.
> @howard.edu was actually listed as an illegal example
> in RFC 2486; the introduction of the privacy feature
> makes this now legal.
>
1. I think it is more than the introduction of privacy feature that makes *only
realm* portion legal.
2. Even in the Wired world, there are possible cases where the NAS would like
to originate some AAA messages ( for ex: Accounting Off). Note that there won't
be NAI in these messages because they are not triggered by the user. The Radius
proxies can't forward to the *the correct Radius server* because there is no
NAI in it. Currently there are adhoc mechanisms to solve this issue. By
looking at the NAS-ID (or NAS-IP-Address), the Radius proxies find the
association between the Radius servers and will possibly mutilcast these kind
of messages. We can observe this is neither standard nor elegant solution.
I'm just wondering if this problem can be dealt in one of the two ways:
a. Make NAI legal to carry only the realm portion also. ( Revised NAI can
allow this by adding some description)
b. Add Domain-Name attribute to the AAA message formats. ( doesn't look nice )
regards
Nagi.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>