Re: RADIUS User-Name versus EAP Identity

[Alan DeKok <aland@deployingradius.com>]

Bernard Aboba wrote:
> [BA] Yes, in most cases the implementation should use the RADIUS
> User-Name Attribute instead.  There might be a few cases where the
> EAP method calculations depend on the EAP-Response/Identity
> (RFC 3748-defined methods such as EAP-MD5).  Are you seeing problems
> only with those methods, or with other ones as well?

  The problems are across all EAP methods.

> BTW, RFC 5113 Section 2.3 does talk a bit about this issue:
...
>    Over the long term, it is expected that the need for NAI "decoration"
>    and source routing will disappear

  The solution that has been proposed in vendor forums removes the need
for source routing.  Even if we ignore the User-Name versus EAP-Identity
issues (which exist), the manual updates of routes in RADIUS proxy
infrastructures is becoming prohibitive.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>