[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue: Treatment of null Identity Response

To: radiusext@ops.ietf.org
Subject: Re: Issue: Treatment of null Identity Response
From: "Alan DeKok" <aland@ox.org>
Date: Wed, 14 Dec 2005 15:23:59 -0500
In-reply-to: Your message of "Wed, 14 Dec 2005 14:59:36 EST." <3CFB564E055A594B82C4FE89D215656006B734@MABOSEVS2.ets.enterasys.com>

"Nelson, David" <dnelson@enterasys.com> wrote:
> Asked another way, is there any actual authentication or
> authorization decision that a RADIUS server makes based on the
> content of the User-Name in this specific scenario?

  Yes, but I don't think it's related to the NULL identity response
problem.  A follow-up question is:

  Q1: If a server receives Calling-Station-Id, and sees that the value
of the identity is the same as the Calling-Station-Id, what does it
do?

  A1: I don't recall any currently mandated behavior.  It's up to local policy.

  Q2: How does a server distinguish this situation (which may occur
      today) from the proposed mandated behavior for NULL identity
      response?

  A2: I have no idea.  I don't know that it can distinguish them.

  If the situations can be distinguished, then we can mandate server
behavior here.  If the situations can't be distinguished, then
mandating server behavior will change existing deployments and
practices.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RE: Issue: Treatment of null Identity Response
  - From: "Nelson, David" <dnelson@enterasys.com>

Prev by Date: RE: Issue: Treatment of null Identity Response
Next by Date: RE: Issue: Treatment of null Identity Response
Previous by thread: RE: Issue: Treatment of null Identity Response
Next by thread: RE: Issue: Treatment of null Identity Response
Index(es):
- Date
- Thread