[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Proxies and dead home servers
I've recently come across an issue which the RFC's don't clearly
address, but which can have major implications in a proxying environment.
Suppose we have a proxy chain as follows:
NAS --> Proxy Server --> Home Server
If the Home Server does not respond to a proxied Access-Request, what
does the Proxy Server do with it? RFC 2865 Section 4.1 says:
Upon receipt of an Access-Request from a valid client, an
appropriate reply MUST be transmitted.
This would seem to indicate that the Proxy Server MUST respond to the
NAS, even if the Home Server does not respond to the Proxy Server. The
only safe response is an Access-Reject, I think.
There are implementations that do not behave this way, but I think
their impact is small.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>