[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue: Acct-Session-Id clarification

To: <radiusext@ops.ietf.org>
Subject: Issue: Acct-Session-Id clarification
From: Bernard Aboba <bernard_aboba@hotmail.com>
Date: Sat, 26 May 2007 06:45:14 -0700

Issue: Acct-Session-Id clarification
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: May 24, 2007
Reference:
Document: RFC3576bis-06
Comment type: Technical
Priority: S
Section: 3
Rationale/Explanation of issue:

It has been pointed out that the Acct-Session-Id attribute is not mandatory in Access-Requests and that a Dynamic Authorization Client will not necessarily have access to information sent in Accounting-Request packets. This point seems worth addressing explicitly.

The proposed resolution is to insert the following text in Section 3:

  As noted in [RFC2866] Section 5.5:

      An Accounting-Request packet MUST have an Acct-Session-Id.  An
      Access-Request packet MAY have an Acct-Session-Id; if it does,
      then the NAS MUST use the same Acct-Session-Id in the Accounting-
      Request packets for that session.

   Since the Acct-Session-Id is optional in Access-Requests, if the
   Dynamic Authorization Client only has access to attributes sent to or
   by the RADIUS authentication server, then it will not necessarily
   know the Acct-Session-Id of the session it is attempting to target.

Follow-Ups:
- Re: Issue: Acct-Session-Id clarification
  - From: Alan DeKok <aland@nitros9.org>

Prev by Date: Issue: RPF Check
Next by Date: Issue: Consolidation of "Authorize Only" Text
Previous by thread: Issue: RPF Check
Next by thread: Re: Issue: Acct-Session-Id clarification
Index(es):
- Date
- Thread