[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssh authentication and service authorization questions
Bernard Aboba wrote:
> Several ideas come to mind:
Or use Service-Type = Authorize-Only?
It's intended for CoA, but there's no technical reason it couldn't be
1,2) Access-Request for initial session (user + password)
Access-Accept contains State
3) For each service:
Access-Request + User-Name + State + Authorize-Only + ...
The State attribute ties the later Access-Requests to the first one.
The RADIUS server can authorize individual services, based on their
connection with the initial Access-Request.
IIRC, this is already being done for WiMAX, for authorizing individual
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.