[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Re-auth failure
Alper Yegin writes...
> Shouldn't the network have the option to let the host stay connected
> until the expiration of the currently granted session, if it chooses
I suppose that depends on whether one considers the responses of the RADIUS
Server to be authoritative or merely advisory. One can construct reasonable
use cases to support either notion, although historically we have considered
the responses of the RADIUS Server to be authoritative.
If the Access-Reject was caused by a transient failure somewhere in the
system, including the back-end authentication service, one might want to
allow a customer to finish out his pre-allocated session time. If the
Access-Reject was caused by a system administrator's action to de-authorize
a user (maybe an employee who is about to be fired), one would almost
certainly want the session to be terminated upon a failed re-authentication.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.