> a) problems seem to appear if the nas does not support the challenge. > then the challenge will be treated as a reject. Yes. However, we know that the RADIUS EAP method requires support in the NAS for challenges. Are there any deployment scenarios of interest for GEOPRIV that expect to use the RADIUS PAP or CHAP methods? If not, this may well be a moot point.
PAP implementations may well support challenges, since the User-Password attribute has been used with token cards.
In any case, the issue only arises with NASes that don't support GEOPRIV, since presumably ones that do will support Challenges. In the case of legacy devices that support neither GEOPRIV nor Challenges, the issue is moot, because treating the Challenge as an Access-Reject is the desired result.
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>