Proposed Resolution to Issue 7:
2. Detailed Description
2.1 RADIUS Client Behavior
[..]
To do the latter, it sends an Access-Request containing a Digest-Method
and a Digest-URI attribute but without a Digest-Nonce attribute.
It adds a Message-Authenticator (see [RFC3579]) attribute to the
Access-Request message. The RADIUS server chooses a nonce and responds
with an Access-Challenge containing a Digest-Nonce attribute.
[..]
2.2 RADIUS Server Behavior
If the RADIUS server receives an Access-Request message with a
Digest-Method and a Digest-URI attribute but without a Digest-Nonce
attribute, it chooses a nonce. It puts the nonce into a Digest-Nonce
attribute and sends it in an Access-Challenge message to the RADIUS
client. The RADIUS server MUST add Digest-Realm, Message-Authenticator
(see [RFC3579]), SHOULD add Digest-Algorithm, one or more Digest-Qop and
MAY add Digest-Domain, Digest-Opaque attributes to the Access-
Challenge message.
[..]
RADIUS servers issuing nonces MAY construct a Digest-Nextnonce
attribute and add it to the Access-Accept message. This is useful to
limit the lifetime of a nonce and to save a round-trip in future
requests (see nextnonce discussion in [RFC2617], section 3.2.3). The
RADIUS server adds a Message-Authenticator attribute (see [RFC3579])
and sends the Access-Accept message to the RADIUS client.
4. Table of Attributes
The following table provides a guide to which attributes may be found
in which kinds of packets, and in what quantity.
+-------------------------+-----+-----+--------+--------+-----------+
| Attribute               | #   | Req | Accept | Reject | Challenge |
+-------------------------+-----+-----+--------+--------+-----------+
| User-Name               | TBD | 1   | 0      | 0      | 0         |
| Message-Authenticator   | TBD | 1   | 1      | 1      | 1         |
[..]
Wolfgang
--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany
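
Added example, not part of the message above or of the draft: a Python sketch of the server-side check the proposed text implies, verifying the Message-Authenticator (HMAC-MD5 keyed with the shared secret, per RFC 3579) before deciding whether a Digest request without a Digest-Nonce gets an Access-Challenge. The Digest attribute numbers are placeholders because the table lists them as TBD; the function names and return strings are assumptions.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type defined in RFC 3579
# Placeholder type numbers: the table above lists the Digest attributes as TBD.
DIGEST_NONCE, DIGEST_METHOD, DIGEST_URI = 200, 201, 202

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def build_request(secret, ident, attrs):
    """Client side: Access-Request with Message-Authenticator as the last attribute."""
    body = b"".join(attr(t, v) for t, v in attrs) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + os.urandom(16) + body
    # HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def parse(packet):
    """Return (packet trimmed to Length, [(type, value_offset, value)]) or raise ValueError."""
    if len(packet) < 20 or not 20 <= struct.unpack("!H", packet[2:4])[0] <= len(packet):
        raise ValueError("bad length")
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]  # trailing octets are padding
    attrs, i = [], 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs.append((packet[i], i + 2, packet[i + 2:i + packet[i + 1]]))
        i += packet[i + 1]
    return packet, attrs

def server_check(secret, packet):
    """Return 'drop', 'challenge' (server must choose a nonce) or 'continue'."""
    try:
        packet, attrs = parse(packet)
    except ValueError:
        return "drop"
    macs = [(off, v) for t, off, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][1]) != 16:
        return "drop"  # the table requires exactly one Message-Authenticator
    off, received = macs[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    if not hmac.compare_digest(received, hmac.new(secret, zeroed, hashlib.md5).digest()):
        return "drop"  # RFC 3579: silently discard on mismatch
    types = {t for t, _, _ in attrs}
    if {DIGEST_METHOD, DIGEST_URI} <= types and DIGEST_NONCE not in types:
        return "challenge"
    return "continue"
```

The Access-Challenge and Access-Accept carry a Message-Authenticator as well; in those replies the HMAC is computed with the Request Authenticator of the corresponding Access-Request in the authenticator field.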