[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Review of Management Authorization -00 document



> > It would probably mean telnet, although it could also mean some
> > other form of remote terminal service (e.g. rlogin).  It would 
> > certainly mean "over TLS".
> 
> I think that the meaning needs to be well defined.

Hmmm.  The NAS-Prompt Service-Type works for all of: local console
connections, telnet, rlogin, ssh, (and more) remote connections.  The only
thing we are trying to specify here is whether the remote terminal service
is being carried over a secure transport.  Do we really care what the
application layer protocol is?  I think that what we care about is whether
it over a secure or non-secure transport.

This feature relies on the authorization module of the NAS being aware of
the transport layer being used by the remote terminal connection, and
ensuring that it matches the provisioned parameters.

For SSH and TLS I believe that is possible.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>