When to Access-Reject vs. Silently Discard
Hi,
In the RADIUS Digest thread (Issue 79), when the Server detects that the NAS is trying to authenticate a realm for which it is not authorized, we need to "reject" the authentication. This can be done by either Access-Reject or Silently Discarding the packet. So the question is which one is correct?
It's not clear: for example, if Message-Authenticator(80) does not validate (as per 3579) we silently discard. When we detect a lying NAS, again as per 3579, we generate an Access-Reject: "Where a match is not found, an Access-Reject SHOULD be sent, and an error SHOULD be logged."
So is there a rule that can express the correct thing to do?
------------------------------------------------
Avi Lior
Bridgewater Systems Corporation
Phone : (613) 591-9104 x6417
Cell : (613) 297-2177
E-mail : mailto:avi@bridgewatersystems.com
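
The two RFC 3579 cases cited in this message, as an added example that is not part of the original post: a request whose Message-Authenticator fails gets no reply, while an authenticated request with a mismatched NAS identity gets an Access-Reject. The helper names, the constructed sample packet, and the use of NAS-Identifier as the identity check are assumptions; the realm case asked about is not decided here.

```python
import hashlib
import hmac
import struct

NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 32, 80  # RADIUS attribute types

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_request(ident, authenticator, attrs, secret):
    """Constructed Access-Request (code 1), Message-Authenticator appended last."""
    body = b"".join(attrs) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def parse_attrs(pkt):
    """Return (length, [(type, value_offset, value)]); ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= length <= len(pkt):
        raise ValueError("bad packet length")
    pos, out = 20, []
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        out.append((pkt[pos], pos + 2, pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return length, out

def decide(pkt, secret, expected_nas_id):
    """Return 'discard', 'reject' or 'continue' for one Access-Request."""
    try:
        length, attrs = parse_attrs(pkt)
    except ValueError:
        return "discard"
    macs = [(off, v) for t, off, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][1]) != 16:
        return "discard"  # assumption: the attribute is required (EAP case)
    off, received = macs[0]
    # HMAC-MD5 over the whole packet with the attribute value zeroed
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, received):
        return "discard"  # sender unauthenticated: no reply at all
    nas_ids = [v for t, _, v in attrs if t == NAS_IDENTIFIER]
    if nas_ids != [expected_nas_id]:
        return "reject"  # authenticated sender, wrong identity: reject and log
    return "continue"
```

The ordering is the point: the integrity check runs first, so an Access-Reject is only ever sent to a peer that has proven knowledge of the shared secret.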