[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Review of Management Authorization -00 document

To: <Bernard_Aboba@hotmail.com>, <radiusext@ops.ietf.org>
Subject: RE: Review of Management Authorization -00 document
From: "David B. Nelson" <d.b.nelson@comcast.net>
Date: Mon, 19 Nov 2007 22:39:03 -0500
In-reply-to: <BAY117-DS28F8D48D66B96C94D0AEA937F0@phx.gbl>
References: <BAY117-F27713262C7B703C9D83BD193880@phx.gbl> <000a01c8208a$ebde28c0$091716ac@xpsuperdvd2> <092b01c82a03$f70a1240$6401a8c0@NEWTON603> <BAY117-DS356E6A3236C5C6875271A937D0@phx.gbl> <0ba901c82a68$193ca7b0$6401a8c0@NEWTON603> <BAY117-DS31CD83DC4DB030DBD79D2937E0@phx.gbl> <0c5a01c82a7b$67697e50$6401a8c0@NEWTON603> <BAY117-DS177E9C7237B8D2D71F204937E0@phx.gbl> <107301c82ab8$e8be16e0$6401a8c0@NEWTON603> <BAY117-DS1B3097656FA19E3C3700C937E0@phx.gbl> <00ed01c82ad9$86031d40$5d1216ac@xpsuperdvd2> <BAY117-DS28F8D48D66B96C94D0AEA937F0@phx.gbl>

> What attributes go along with that?  User-Password?  CHAP-Password?

For the Access-Request, it is usually User-Name and User-Password, although
I suppose CHAP-Password is possible.

> > The Management-Transport-Protocol attribute could certainly be 
> > used in conjunction with the NAS-Port-Type attribute of Virtual 
> > (5), as is the current practice.
> 
> OK.  It would make sense to say that in the document.

That can easily be added, as explanatory material. 

> Is there a situation where NAS-Port-Type = Async (0) would make 
> much sense along with a Management-Transport-Protocol, attribute?

No.  That should also be called out in the document.

> > In that sense, the usage of the Management-Transport-Protocol attribute
> > usage as a hint is as important, or more important, than the
> > provisioning usage.
> 
> OK.  It might be useful to have an example or two to make this clear.

OK.

> The scenario here is to provide more info in the case where
> NAS-Port-Type=virtual, and Server-Type=NAS-Prompt, right?  I guess
> there are scenarios where this could make a difference to the RADIUS
> server (e.g. router mistakenly enables an insecure management protocol
> and RADIUS server wants to make sure it that only secure protocols are
> authorized).

Exactly.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- a question about Management Authorization -01 document
  - From: li chunxiu <lichunxiu@huawei.com>

References:
- Review of Management Authorization -00 document
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <d.b.nelson@comcast.net>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>
- RE: Review of Management Authorization -00 document
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Re: Review of Management Authorization -00 document
  - From: <Bernard_Aboba@hotmail.com>

Prev by Date: Re: Review of Management Authorization -00 document
Next by Date: Strawman Agenda for IETF 70
Previous by thread: Re: Review of Management Authorization -00 document
Next by thread: a question about Management Authorization -01 document
Index(es):
- Date
- Thread