eap Mailing List: RE: Issue 199: Full authenticator SM issue

[Ashwin Palekar (ashwinp]

This is the case where EAP is forwarded to first RADIUS server; which
tries to negotiate EAP methods with peer. If the client NAKs all the EAP
methods proposed, the first RADIUS server forwards it to yet another
RADIUS server.

-----Original Message-----
From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com] On Behalf
Of Jari Arkko
Sent: Wednesday, November 12, 2003 9:11 AM
To: Bernard Aboba
Cc: eap [at] frascone.com
Subject: Re: [eap] Issue 199: Full authenticator SM issue

Bernard Aboba wrote:
> Issue 199: Full authenticator SM issue
> Submitter name: Ashwin Palekar
> Submitter email address: ashwinp [at] microsoft.com
> Date first submitted: Nov 11, 2003
> Reference:
>
http://mail.frascone.com/pipermail/public/eap/2003-November/001832.html
> Document: SM-01
> Comment type: T
> Priority: S
> Section: 7
> Rationale/Explanation of issue:
> 
> Can the EAP server forward to other servers if it cannot negotiate
> authentication? The EAP full authenticator seems to allow Pass-through
in
> this case.

Do you mean the case where EAP is forwarded first to a RADIUS server,
and then that forwards it *again* to yet another RADIUS server?

I think this should be allowed.

--Jari

_______________________________________________
eap mailing list
eap [at] frascone.com
http://mail.frascone.com/mailman/listinfo/eap