[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CUI version -05

To: <radiusext@ops.ietf.org>
Subject: CUI version -05
From: "Adrangi, Farid" <farid.adrangi@intel.com>
Date: Sun, 1 May 2005 23:26:28 -0700
Cc: "Bernard Aboba" <aboba@internaut.com>, "Nelson, David" <dnelson@enterasys.com>, "Greg Weber" <gdweber@cisco.com>

Hi all,
I have submitted version -05 of the CUI draft that addresses issues 82
and 83.  The draft does not yet appear in I-D, but you can view the
draft here:
http://mng.ctgisp.com/IETF/RADIUSEXT/draft-ietf-radext-chargeable-user-i
d-05.txt

The suggested editorial in issue 82 (submitted by Greg Weber) was done
in -05 draft.  And the issue 83 (submitted by Bernard) was addressed as
below:


Text in -04
"
If a home RADIUS server that supports the CUI attribute receives an
Access-Request packet containing a CUI (set to nul or otherwise), it
MUST include the CUI attribute in the Access-Accept packet.  Otherwise,
if the Access-Request packet does not contain a CUI, the home RADIUS
server MUST NOT include the CUI attribute in the
Access-Accept packet.
"
 
Rewrite it to 
 
"
If a home RADIUS server that supports the CUI attribute receives an
Access-Request packet containing a CUI (set to nul or otherwise), it
MUST include the CUI attribute in the Access-Accept packet.  Otherwise,
if the Access-Request packet does not contain a CUI, the home RADIUS
server SHOULD NOT include the CUI attribute in the Access-Accept packet.
The Access-Request may be sent either in the initial authentication or
durig re-authentication.
"

Text in -04
"
A RADIUS client requesting the CUI attribute in an  Access-Accept packet
MUST include within the Access-Request 
packet a CUI attribute with a single NUL character (referred  to as a
nul CUI). "
 
Rewrite it to:
"
A RADIUS client requesting the CUI attribute in an Access-Accept packet
MUST include within the Access-Request packet a CUI attribute.  For the
initial authentication, the CUI attribute will include a single NUL
character (referred to as a nul CUI).  And, during re-authentication,
the CUI attribute will include a previously received 
CUI value (referred to as a non-nul CUI value) in the Access-Accept. 

Upon receiving a non-nul CUI value in an Access-Request the home RADIUS
server MAY verify that the value of CUI matches the CUI from the
previous Access-Accept. If the verification fails, then the RADIUS
server SHOULD respond with an Access-Reject message. 
"

And finally, added the following text to the end of section 2.1:

"
A NAS that requested the CUI during reauthentication by including the
CUI in the Access-Request, will receive the CUI in the Access-Accept.
The NAS MUST include the value of that CUI in all Accounting Messages."
"



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Next by Date: Comments on RADIUS MIB documents - MIB Doctor Review
Previous by thread: RE: [Issue 297] Review of Identity Selection -12
Next by thread: Comments on RADIUS MIB documents - MIB Doctor Review
Index(es):
- Date
- Thread