[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Question on draft-ietf-radext-management-authorization-04.txt
> OK, I don't know what typical NAS implementations use for NAS-Port and/or
> NAS-Port-Id for remote connections, e.g. when the NAS-Port-Type is Virtual.
>
> I could imagine that they might use a number of things. Remote IP address
> and Remote TCP Port are one possibility. The file descriptor value for use
> with the open socket might be another. By definition, the values are
> transient, or if the value is not transient, the status of the particular
> virtual port instance they describe certainly would be. I suppose that what
> would be important is that the NAS *has* some unique and meaningful values
> for those attributes, valid for the duration of the remote management
> session.
Right. The issue isn't so much how they fill in the values, but that they
need to include *some* kind of port and session identification if dynamic
authorization is to work well. This might not be obvious to readers.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>