[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RADEXT WG Last Call on Status-Server Document
Stig Venaas wrote:
> I think clients should allow Access-Accept responses to status-server
> messages sent to the accounting port. Even if it's not the expected
> message, it shows that the server is alive.
Ok. I've updated the draft, and will issue a new version shortly.
> Also, towards the end of section 4.2 the draft says:
>
> Some server implementations accept both Access-Request and
> Accounting-Request packets on the same port, and do not distinguish
> between "authentication only" ports, and "accounting only" ports.
> Those implementations SHOULD reply to Status-Server packets with an
> Access-Accept packet.
>
> Due to this, I think the text in 2.3.2 is too strict:
>
> The Status-Server packet MUST contain a Message-Authenticator
> attribute for security. The response (if any) to a Status-Server
> packet sent to an accounting port MUST be an Accounting-Response
> packet. The list of attributes that are permitted in the Accounting-
> Response packet is given in the Table of Attributes in Section 6,
> below.
>
> I think the second MUST should be a SHOULD. Or at the very least, in
> section 4.1 where it talks about clients being liberal at what they
> accept. Add a note that they SHOULD accept this.
OK. I've done that:
The response (if any) to a Status-Server
packet sent to an accounting port SHOULD be an Accounting-Response
packet, and MAY be an Access-Accept packet. Other response packet
codes MUST NOT be used.
With similar text for authentication packets.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>