
RE: Review of Management Authorization -00 document



Following up ....

> > Section 3
> >
> > This seems to imply that SSH would not be an acceptable value for
> > Framed-Management-Protocol.  Is that right?
> 
> SSH delivers a secure transport service and a remote login (terminal
> emulation service).  That does not seem to be the same thing as a specific
> management protocol, of which SNMP is the most obvious example.  Should SSH
> (alone) be considered a framed management protocol, or should it be
> considered a remote form of CLI access?

I think that the way you would specify the secure remote terminal service of
SSH would be using Service-Type=NAS-Prompt,
Management-Transport-Protocol=SSH.

> > Section 7.2
> >
> > I am not clear that all combinations of Framed-Management-Protocol
> > and Transport-Protocol make sense.

These sections will be revised in the -01 version.

> > Section 8
> >
> >
> >        *  Service-Type (6) = Administrative (6)
> >        *  Transport-Protocol (xx) = None (1)
> >
> > Is the Transport-Protocol really none??

This will be changed to Default (1), which means use any supported
transport.

> > Section 9
> >
> > I'm not clear that these statements make sense because there typically
> > is no authentication in these AAA exchanges, right?

Well, these attributes can appear as hints in Access-Requests. I'll snip out
some of the unrelated boilerplate text, especially that relating to EAP.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>