
Re-auth failure



RFC 3579 says:

   Reception of a RADIUS Access-Reject packet MUST result in the NAS denying
   access to the authenticating peer.


Consider a host that is already authenticated and authorized for network
access. If it performs re-authentication, say, 1 hour before the session
timeout and fails authentication (EAP-Failure), should the NAS disconnect
the host from the network immediately? According to the RFC 3579 text, it
MUST eject the host immediately. 

Shouldn't the network have the option to let the host stay connected until
the expiration of the currently granted session, if it chooses to? If so, is
there a different interpretation of the above text, or a different message
(Access-Accept with EAP-Failure?) recommended?

Thanks.

Alper 


