[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue: Treatment of null Identity Response

To: <radiusext@ops.ietf.org>
Subject: RE: Issue: Treatment of null Identity Response
From: "Nelson, David" <dnelson@enterasys.com>
Date: Wed, 14 Dec 2005 14:59:36 -0500

Alan DeKok writes...

> >  Is there an explicit signal or hint to the RADIUS Server that the
> > user name is the MAC address, or does it figure that out by
> > inspection (parsing)?  Or doesn't it matter?
> 
>   It's up to local policy.  So it doesn't matter.

Uh, yes, but...  If the behavior of the RADIUS server is a matter of
local policy, doesn't that raise interoperability issues?  Asked another
way, is there any actual authentication or authorization decision that a
RADIUS server makes based on the content of the User-Name in this
specific scenario?  As I recall, RADIUS Clients and Servers had to
implement specific code paths to deal with the "anonymous" user cases. 


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue: Treatment of null Identity Response
  - From: "Alan DeKok" <aland@ox.org>

Prev by Date: Re: Issue: Treatment of null Identity Response
Next by Date: Re: Issue: Treatment of null Identity Response
Previous by thread: Re: Issue: Treatment of null Identity Response
Next by thread: Re: Issue: Treatment of null Identity Response
Index(es):
- Date
- Thread