Issue: RADIUS Response and Retransmissions
Submitter names: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: June 16, 2006
Reference:
Document: Issues and Fixes
Comment type: 'T'echnical |
Priority: '1' Should fix
Section: New
Rationale/Explanation of issue:
We are seeing RADIUS client implementations in the field that do not
correctly handle receipt of RADIUS responses after retransmissions. The
recommended text is as follows:

"X.X Responses Received After Retransmissions

RFC 2865 Section 2.5 states:

   If the NAS is retransmitting a RADIUS request to the same server as
   before, and the attributes haven't changed, you MUST use the same
   Request Authenticator, ID, and source port. If any attributes have
   changed, you MUST use a new Request Authenticator and ID.

Therefore for a RADIUS retransmission it is possible that the ID and Request
Authenticator will remain the same or that they will change.

Regardless of whether a retransmission utilizes the same ID and Request
Authenticator or changes them, it is possible to receive a RADIUS response
to a previous transmission after a retransmission has been sent.
RADIUS client implementations SHOULD validate those responses, rather than
silently discarding them."

--
archive: <http://psg.com/lists/radiusext/>
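
The following is an added example, not part of the original message or of any RADIUS implementation: a sketch of a client that keeps every (ID, Request Authenticator) pair it has sent for one logical request and validates a response against all of them, so a late reply to an earlier transmission is checked rather than discarded. The names `PendingRequest`, `build_response` and `demo`, and the sample secret and authenticators, are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2

def build_response(code, ident, attrs, request_auth, secret):
    """Build a response packet as a server would (RFC 2865 section 3):
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

class PendingRequest:
    """One logical request; remembers every (ID, Request Authenticator) sent."""

    def __init__(self, secret):
        self.secret = secret
        self.sent = set()  # (ID, Request Authenticator) of each transmission

    def record_transmission(self, ident, request_auth):
        self.sent.add((ident, request_auth))

    def validate_response(self, packet):
        """True if the packet is an authentic reply to ANY recorded transmission."""
        if len(packet) < 20:
            return False
        code, ident, length = struct.unpack("!BBH", packet[:4])
        if not 20 <= length <= len(packet):
            return False
        attrs = packet[20:length]  # octets past Length are padding, ignored
        for sent_id, request_auth in self.sent:
            if sent_id != ident:
                continue
            expected = build_response(code, ident, attrs, request_auth, self.secret)
            if hmac.compare_digest(expected, packet[:length]):
                return True
        return False

def demo():
    """Constructed scenario: a late reply to the first transmission arrives
    after a retransmission that used a new ID and Request Authenticator."""
    secret = b"constructed-shared-secret"
    first_auth, second_auth = bytes(range(16)), bytes(range(16, 32))
    pending = PendingRequest(secret)
    pending.record_transmission(7, first_auth)   # original transmission
    pending.record_transmission(8, second_auth)  # retransmission, attributes changed
    late = build_response(ACCESS_ACCEPT, 7, b"", first_auth, secret)
    forged = build_response(ACCESS_ACCEPT, 7, b"", first_auth, b"wrong-secret")
    return pending.validate_response(late), pending.validate_response(forged)
```

A client that tracked only the most recent (ID, Request Authenticator) pair would find no match for the late reply to ID 7 and drop it without checking it.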