[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: Issue 79; digest-auth realm validation



Miguel wrote:
> I have a question:
> 
> What is the intention of this text:
> 
>     "The RADIUS server considers this client as
>     compromised. "
> 
> What is this consideration? Is it that the RADIUS server marks 
> "something" as "not being able to use the HTTP or SIP service 
> any longer"?
"something" -- the RADIUS client that sent a Digest-Realm with a
realm it is not allowed to speak for.
Joe's reasoning was that this can be a sign of compromised
RADIUS client. If a RADIUS client is compromised, it's better
not to process any requests from it until the situation has
been resolved.

So your proposal would be just to drop the reject the request
with the offending Digest-Realm attribute?

Wolfgang

--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>