[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 83: CUI and re-authentication

To: radiusext@ops.ietf.org
Subject: Issue 83: CUI and re-authentication
From: Bernard Aboba <aboba@internaut.com>
Date: Fri, 22 Apr 2005 19:33:09 -0700 (PDT)

Issue 83: CUI and re-authentication
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: April 22, 2005
Reference:
Document: CUI-04
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:

The document does not state how CUI is used with an Access-Request that
occurs due to re-authentication.  For example, in the original
authentication, the CUI attribute was provided within the Access-Accept,
and subsequently within Accounting-Request packets (interim).  Let us
assume that a Session-Timeout attribute was sent with
Termination-Action=RADIUS.

What happens at the expiration of the Session-Timeout value?  Does the NAS
send an Access-Request containing a CUI attribute to the RADIUS server
with the currently used CUI, or does it send an empty CUI attribute?  It
seems more appropriate for it to send the currently used CUI, since that
does not require the RADIUS server to keep state.  I presume
that the User-Name and EAP re-authentication elements are handled the same
way (e.g. User-Name includes "@realm" privacy NAI).

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Prev by Date: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
Next by Date: Issue: 2486bis internationalization and unassigned codepoints
Previous by thread: Reminder to draft authors and editors: new boilerplate
Next by thread: RE: Issue 83: CUI and re-authentication
Index(es):
- Date
- Thread