[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 83: CUI and re-authentication



Issue 83: CUI and re-authentication
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: April 22, 2005
Reference:
Document: CUI-04
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:

The document does not state how CUI is used with an Access-Request that
occurs due to re-authentication.  For example, in the original
authentication, the CUI attribute was provided within the Access-Accept,
and subsequently within Accounting-Request packets (interim).  Let us
assume that a Session-Timeout attribute was sent with
Termination-Action=RADIUS.

What happens at the expiration of the Session-Timeout value?  Does the NAS
send an Access-Request containing a CUI attribute to the RADIUS server
with the currently used CUI, or does it send an empty CUI attribute?  It
seems more appropriate for it to send the currently used CUI, since that
does not require the RADIUS server to keep state.  I presume
that the User-Name and EAP re-authentication elements are handled the same
way (e.g. User-Name includes "@realm" privacy NAI).

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>