[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Request for Review: "Issues and Fixes" changes
Bernard Aboba writes...
> > > Any Access-Request that does not contain an authentication
> > > attribute MUST contain a State attribute. This list of
> > > authorization parameters is not exhaustive, and may be
> > > extended in future specifications.
> >In the second sentence, did you mean "authentication" rather than
> This quote came from RFC 2865, so I'm not sure what it means.
> That's for us to figure out, I guess :)
RFC 2865, Section 4.1 reads, in part:
An Access-Request MUST contain either a User-Password or a CHAP-
Password or a State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow
other kinds of authentication information to be conveyed, the
attribute for that can be used in an Access-Request instead of
User-Password or CHAP-Password.
Note that in this case the word is "authentication".
I don't find the text with the words "authorization parameters" in RFC 2865.
Perhaps this is a misquote? Where did this text come from? I don't find it
in 2865 or Issues & Fixes -05. RFC 2865 seems to have it right.
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.