[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dime] FEDAUTH BOF request



Joseph Salowey (jsalowey) wrote:
> I agree with a lot of what Bernard says below. For better or for worse
> EAP is closely associated with AAA.  The fit may be odd in some cases,
> but deployments have found success in making it work.  This is why it is
> attractive.  I don't think that replacing EAP in AAA with some other
> framework, such as GSSAPI, is going to lead to better results.

  I think the proposal is to use GSS "locally", and AAA "globally".
i.e. the SSH client/server would use EAP over GSS.  But the SSH server
would hand that in turn to a GSS to AAA gateway.  That would strip EAP
out of GSS, and put it into RADIUS for global roaming.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>