[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 2867/2868 question

To: Bernard Aboba <aboba@internaut.com>
Subject: Re: RFC 2867/2868 question
From: Jari Arkko <jari.arkko@piuha.net>
Date: Thu, 25 Aug 2005 10:25:12 +0300
Cc: Alper Yegin <alper.yegin@samsung.com>, radiusext@ops.ietf.org
In-reply-to: <Pine.LNX.4.61.0508221430001.13446@internaut.com>
References: <088301c5a75e$c4f01540$6601a8c0@sisa.samsung.com> <Pine.LNX.4.61.0508221430001.13446@internaut.com>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Bernard Aboba wrote:

I have a question though: It seems like we can use either RADIUS Access-Request/Answer, or RADIUS Accounting Request/Answer for setting up the compulsory tunnel. What is the rationale behind this "flexibility"? When would you recommend using one or the other?

I am not sure what "flexibility" you are talking about. RADIUS Accounting is not an authentication/authorization mechanism, it is an accounting protocol. RFC 2867 attributes are used to account for tunnel usage after they have been set up; the RFC 2868 attributes are used to authorize compulsory tunnels.

There's some flexibility in using the same attributes for
incoming or outgoing tunnels, and for reporting capabilities
vs. requesting a specific action. (I'm personally not too
fond of this flexibility.)

But all of this happens within the auth/authz part i.e.
Access-Request/Challenge/Response, not within accounting.

--Jari


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- Re: RFC 2867/2868 question
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: RE: Items from the IETF-63 meeting requiring confirmation.
Next by Date: Re: RADIUS keywrap attributes
Previous by thread: Re: RFC 2867/2868 question
Next by thread: RE: [Isms] draft of ISMS charter
Index(es):
- Date
- Thread