RE: Request for Review: "Issues and Fixes" changes

["David B. Nelson" <dnelson@elbrysnetworks.com>]

Bernard Aboba writes...

> > >    Any Access-Request that does not contain an authentication
> > >    attribute MUST contain a State attribute.  This list of
> > >    authorization parameters is not exhaustive, and may be 
> > >    extended in future specifications.
> >
> >In the second sentence, did you mean "authentication" rather than
> >"authorization"?
> 
> This quote came from RFC 2865, so I'm not sure what it means. 
> That's for us to figure out, I guess :)

RFC 2865, Section 4.1 reads, in part:

      An Access-Request MUST contain either a User-Password or a CHAP-
      Password or a State.  An Access-Request MUST NOT contain both a
      User-Password and a CHAP-Password.  If future extensions allow
      other kinds of authentication information to be conveyed, the
      attribute for that can be used in an Access-Request instead of
      User-Password or CHAP-Password.

Note that in this case the word is "authentication".

I don't find the text with the words "authorization parameters" in RFC 2865.
Perhaps this is a misquote?  Where did this text come from?  I don't find it
in 2865 or Issues & Fixes -05.  RFC 2865 seems to have it right.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>