[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RADIUS Digest Authentication document approved for publication
Hello,
I've just read the final document (I have been following the evolution of this draft a bit), and although I know it is already approved (too late for comments), I have a question that I think is not fully clarified in the document and could create problems in real implementation.
The user-name AVP is mandatory in the RADIUS Access Request as indicated in the table of attributes (chapter 5).
But in the initial HTTP GET method, the user-name is not received, and in the example (chapter 6) nothing is sent as user-name AVP in the B->C comunication.
Which value is supposed to add the RADIUS client as User-name in this case? And what shall the RADIUS Server do when this dummy user-name is received?
I think the "client nonce generation mode" removed from draft 07 was usefull to avoid inventing a user name in this HTTP case (where the nonce generation does not depend on the user and this is not received in the initial request). Do you know why it was removed?
Best regards,
Cristina.
-----Original Message-----
From: owner-radiusext@ops.ietf.org [mailto:owner-radiusext@ops.ietf.org] On Behalf Of Bernard Aboba
Sent: miércoles, 31 de mayo de 2006 18:28
To: radiusext@ops.ietf.org
Subject: RADIUS Digest Authentication document approved for publication
Today, the IESG approved the RADIUS Digest Authentication document for publication. Congratulations to the authors!
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>