Proposed Resolution to Issue 79:

2.2 RADIUS Server Behavior
[..]
A RADIUS server MUST check if the RADIUS client is authorized to serve users
of the realm mentioned in the Digest-Realm attribute. If the RADIUS
client is not authorized, the RADIUS server silently discards the
Access-Request message. Other actions taken by the RADIUS server are
out of scope of this document. However, the RADIUS server should
notify the operator and may take additional action such as discarding
all future requests from this client, until some management action
tells it to do so again.

7. Security Considerations
[..]
The RADIUS server MUST check the Digest-Realm attribute it has
received from a client. If the RADIUS client is not authorized to
serve HTTP-style clients of that realm, it might be compromised.

Wolfgang Beck
--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany
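
The realm check proposed in 2.2 above, as an added example that is not part of the original message or of the draft: it reads Digest-Realm from an Access-Request, silently discards the request when the sending client is not authorized for that realm, and logs the event for the operator. The client table, the function names, the `block_on_violation` switch and the Digest-Realm type code 104 (the value assigned in RFC 5090, not stated in this message) are assumptions.

```python
import logging
import struct

log = logging.getLogger("radius.digest")
DIGEST_REALM = 104  # assumption: type code from RFC 5090, not given in the message
# Hypothetical policy: RADIUS client source address -> realms it may serve.
CLIENT_REALMS = {"192.0.2.10": {"example.com"}}
BLOCKED = set()  # clients discarded until a management action clears them


def attributes(packet):
    """Yield (type, value) for each attribute of an Access-Request (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen


def realm_decision(client_ip, packet, block_on_violation=False):
    """Return 'process' or 'discard' for an Access-Request received from client_ip."""
    if client_ip in BLOCKED:
        return "discard"
    try:
        realms = [v.decode("utf-8") for t, v in attributes(packet) if t == DIGEST_REALM]
    except (ValueError, UnicodeDecodeError):
        return "discard"  # malformed packets are dropped without a reply
    allowed = CLIENT_REALMS.get(client_ip, set())
    for realm in realms:
        if realm not in allowed:
            # Silent discard: no Access-Reject is sent, but the operator is notified.
            log.warning("client %s not authorized for Digest-Realm %r", client_ip, realm)
            if block_on_violation:
                BLOCKED.add(client_ip)
            return "discard"
    return "process"


def sample_request(realm):
    """Constructed Access-Request carrying only a Digest-Realm attribute."""
    attr = bytes([DIGEST_REALM, len(realm) + 2]) + realm
    return struct.pack("!BBH", 1, 1, 20 + len(attr)) + bytes(16) + attr
```

A request without a Digest-Realm attribute returns `process` here because the proposed text only covers the realm check; all other validation of the request is outside this example.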