[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Review of Management Authorization -00 document

To: "David B. Nelson" <d.b.nelson@comcast.net>, <radiusext@ops.ietf.org>
Subject: Re: Review of Management Authorization -00 document
From: <Bernard_Aboba@hotmail.com>
Date: Mon, 19 Nov 2007 05:45:28 -0800
In-reply-to: <BAY117-F27713262C7B703C9D83BD193880@phx.gbl> <000a01c8208a$ebde28c0$091716ac@xpsuperdvd2> <092b01c82a03$f70a1240$6401a8c0@NEWTON603> <BAY117-DS356E6A3236C5C6875271A937D0@phx.gbl> <0ba901c82a68$193ca7b0$6401a8c0@NEWTON603> <BAY117-DS31CD83DC4DB030DBD79D2937E0@phx.gbl> <0c5a01c82a7b$67697e50$6401a8c0@NEWTON603>
References: <BAY117-F27713262C7B703C9D83BD193880@phx.gbl> <000a01c8208a$ebde28c0$091716ac@xpsuperdvd2> <092b01c82a03$f70a1240$6401a8c0@NEWTON603> <BAY117-DS356E6A3236C5C6875271A937D0@phx.gbl> <0ba901c82a68$193ca7b0$6401a8c0@NEWTON603> <BAY117-DS31CD83DC4DB030DBD79D2937E0@phx.gbl> <0c5a01c82a7b$67697e50$6401a8c0@NEWTON603>

Hmmm.  The NAS-Prompt Service-Type works for all of: local console
connections, telnet, rlogin, ssh, (and more) remote connections.  The only
thing we are trying to specify here is whether the remote terminal service
is being carried over a secure transport.  Do we really care what the
application layer protocol is?

In current usage, is it possible to send a Server-Type=NAS-Prompt attributeto a NAS

without a serial port?

As I recall, NAS-Prompt originally did not specify any "application layerprotocol"at all. Wasn't the purpose to allow an admin connecting to a terminalserver to

administer it over a serial connection?

Assuming that, I'm puzzled as to what it means to specifyServer-Type=NAS-Promptalong with an underlying framed transport, like TLS. With the RFC 2865definitionof the NAS-Prompt service, when I hook a terminal emulator to a consoleport, ordialin to a terminal server on a port, I'm going to get an unframed serialstream of bits

suitable for viewing on a terminal emulator.

Once I specify a Transport Protocol for NAS-Prompt, (say TLS) what am Igoing to get?First off, this is a serial link, so I'd assume that if there is IP flowingover the link thatwe need framing of some kind, either SLIP or PPP. That seems intrinsicallyat odds

with a Service-Type=NAS-Port.

So I guess I don't understand the idea of running the NAS-Port oradministrative serviceover a Transport Protocol. If we are talking about a framed managementservice, then

Servce-Type = Framed-Management seems like it makes more sense.

I think that what we care about is whether it over a secure or non-securetransport.

Does NAS-Prompt as defined in RFC 2865 have a transport? I thought it wasjust

a non-frmaed serial stream of bits.

This feature relies on the authorization module of the NAS being aware of
the transport layer being used by the remote terminal connection, and
ensuring that it matches the provisioned parameters.

When Service-Type=NAS-Prompt, there is no transport layer to be aware ofright?


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Review of Management Authorization -00 document
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>

Prev by Date: RE: Review of Management Authorization -00 document
Next by Date: Re: Review of Management Authorization -00 document
Previous by thread: RE: Review of Management Authorization -00 document
Next by thread: Re: Review of Management Authorization -00 document
Index(es):
- Date
- Thread