[radext] #18: Extended Attribute Restrictions
#18: Extended Attribute Restrictions
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner: bernard_aboba@…
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Extended | Version: 1.0
Severity: Active WG Document | Keywords:
---------------------------------------+------------------------------------
Date first submitted: December 14, 2008
RFC 2866 Section 5.13 states:
   The following table provides a guide to which attributes may be found
   in Accounting-Request packets. No attributes should be found in
   Accounting-Response packets except Proxy-State and possibly
   Vendor-Specific.
Given that RADIUS Extended Attributes are VSAs, the question arises as to
whether they are allowed in Accounting-Responses or not. My take would be
"no" -- they should be treated like RADIUS standard attributes.
In RFC 5176, VSAs are listed as not permitted within CoA-ACK, CoA-NAK,
Disconnect-ACK or Disconnect-NAK packets. They are listed as "0+" within
CoA-Request and Disconnect-Request packets, however:
   (Note 7) Within Disconnect-Request packets, Vendor-Specific
   Attributes (VSAs) MAY be used for session identification. Within
   CoA-Request packets, VSAs MAY be used for either session
   identification or authorization change. However, the same Attribute
   MUST NOT be used for both purposes simultaneously.
So, do the restrictions on VSA usage apply to Extended Attributes as well?
--
Ticket URL: <http://trac.tools.ietf.org/wg/radext/trac/ticket/18>
radext <http://tools.ietf.org/radext/>
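The packet-level restrictions quoted in the ticket above, written as a receive-side check. This is an added example, not part of the original message or of any RADIUS implementation. It covers only the rules quoted above (not the full RFC 2866 / RFC 5176 attribute tables), and the function names and the `vsa_in_acct_response` switch are assumptions. The switch applies to every type-26 attribute, since the ticket does not give a wire format that would separate Extended Attributes from other VSAs.

```python
import struct

# RADIUS packet codes (RFC 2866, RFC 5176)
ACCOUNTING_RESPONSE = 5
DISCONNECT_ACK, DISCONNECT_NAK, COA_ACK, COA_NAK = 41, 42, 44, 45
# RADIUS attribute types
VENDOR_SPECIFIC, PROXY_STATE = 26, 33


def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def disallowed_attributes(packet: bytes, vsa_in_acct_response: bool = True):
    """List attribute types the quoted rules do not permit in this packet."""
    code, attrs = parse_attributes(packet)
    types = [t for t, _ in attrs]
    if code == ACCOUNTING_RESPONSE:
        # "except Proxy-State and possibly Vendor-Specific"
        allowed = {PROXY_STATE}
        if vsa_in_acct_response:
            allowed.add(VENDOR_SPECIFIC)
        return [t for t in types if t not in allowed]
    if code in (DISCONNECT_ACK, DISCONNECT_NAK, COA_ACK, COA_NAK):
        # VSAs are listed as not permitted in these replies
        return [t for t in types if t == VENDOR_SPECIFIC]
    return []  # request packets: the quoted text lists VSAs as "0+"


def build(code, attrs):
    """Constructed sample packet: zeroed authenticator, given attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

Calling `disallowed_attributes(pkt, vsa_in_acct_response=False)` applies the stricter reading of "possibly Vendor-Specific" to Accounting-Response packets.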