
When to Access-Reject vs. Silently Discard



Hi,
 
In the RADIUS Digest thread (Issue 79), when the Server detects that the NAS is trying to authenticate a realm for which it is not authorized, we need to "reject" the authentication. This can be done by either Access-Reject or Silently Discarding the packet. So the question is which one is correct?
 
It's not clear: for example, if Message-Authenticator(80) does not validate (as per 3579) we silently discard. When we detect a lying NAS, again as per 3579, we generate an Access-Reject: "Where a match is not found, an Access-Reject SHOULD be sent, and an error SHOULD be logged."
So is there a rule that can express the correct thing to do?
 

------------------------------------------------

Avi Lior                                   
Bridgewater Systems Corporation               
Phone :  (613) 591-9104 x6417

Cell    :  (613) 297-2177
E-mail : mailto:avi@bridgewatersystems.com

www.bridgewatersystems.com
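
The two RFC 3579 behaviours cited in the message above, as an added example that is not part of the original post: a Message-Authenticator that does not validate leads to a silent discard, and a detected lying NAS leads to an Access-Reject. The function names, the policy of requiring Message-Authenticator on every request, the NAS-IP-Address versus source-address comparison used as the lying-NAS check, and the sample packet are assumptions; the realm-authorization case the message asks about is not decided here.

```python
import hashlib, hmac, os, socket, struct

MESSAGE_AUTHENTICATOR, NAS_IP_ADDRESS = 80, 4   # RADIUS attribute types

def attributes(pkt):
    """Yield (type, value_offset, value) for each attribute after the 20-byte header."""
    pos = 20
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("malformed attribute")
        yield pkt[pos], pos + 2, pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]

def decide(datagram, src_ip, secret):
    """Return 'discard', 'reject' or 'continue' for a received Access-Request."""
    if len(datagram) < 20:
        return "discard"
    length = struct.unpack("!H", datagram[2:4])[0]
    if length < 20 or length > len(datagram):
        return "discard"
    pkt = datagram[:length]                      # octets past Length are padding
    try:
        attrs = list(attributes(pkt))
    except ValueError:
        return "discard"
    ma = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(ma) != 1 or len(ma[0][1]) != 16:      # assumed policy: attribute is mandatory
        return "discard"
    off, received = ma[0]
    # HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), received):
        return "discard"                         # did not validate: no reply is sent
    claimed = [val for t, _, val in attrs if t == NAS_IP_ADDRESS]
    if claimed and claimed[0] != socket.inet_aton(src_ip):
        return "reject"                          # lying-NAS case: Access-Reject and log
    return "continue"

def build_request(secret, nas_ip):
    """Constructed sample: Access-Request with NAS-IP-Address and Message-Authenticator."""
    attrs = bytes([NAS_IP_ADDRESS, 6]) + socket.inet_aton(nas_ip)
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + os.urandom(16) + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac                       # Message-Authenticator is the last 16 octets
```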