[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Issue with SIP - Need for Message-Authenticator
Wolfgang,
In the SIP doc I think you need to use Message-Authenticator(80) in the
access request.
The problem is this: without using a field such as CHAP-Password or
Password, the RADIUS server has no way to validate that the Access-Request
is arriving from a valid NAS.
Message-Authenticator(80) is used to provide integrity protection for the
entire Access-Request packet and can be used by the RADIUS Server to
validate that the packet was received from a known Client (since the
Message-Authenticator uses a shared secret shared by the Client-Server.)
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>