| Re: Issue 199: Full authenticator SM issue | <– Date –> <– Thread –> |
From: Yoshihiro Ohba (yohba tari.toshiba.com)
|
|
| Date: Wed, 12 Nov 2003 13:54:05 -0600 (CST) | |
In this case, the second RADIUS server will receive a Nak while it is in "PICK_UP_METHOD" state. There are two issues: - Does RFC3579 allow "pickup" operation when the initial EAP-Response is a Nak? I think the document is a bit vague on this (at least it does not seem to prohibit the case). - If the above question is yes, how does the backend authenticator state machine work in this case? I think there would need a state transition from "PICK_UP_METHOD" to "NAK" state to explicitly support the case. Yoshihiro Ohba On Wed, Nov 12, 2003 at 09:22:00AM -0800, Ashwin Palekar wrote: > This is the case where EAP is forwarded to first RADIUS server; which > tries to negotiate EAP methods with peer. If the client NAKs all the EAP > methods proposed, the first RADIUS server forwards it to yet another > RADIUS server. > > -----Original Message----- > From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com] On > Behalf > Of Jari Arkko > Sent: Wednesday, November 12, 2003 9:11 AM > To: Bernard Aboba > Cc: eap [at] frascone.com > Subject: Re: [eap] Issue 199: Full authenticator SM issue > > Bernard Aboba wrote: > > Issue 199: Full authenticator SM issue > > Submitter name: Ashwin Palekar > > Submitter email address: ashwinp [at] microsoft.com > > Date first submitted: Nov 11, 2003 > > Reference: > > > http://mail.frascone.com/pipermail/public/eap/2003-November/001832.html > > Document: SM-01 > > Comment type: T > > Priority: S > > Section: 7 > > Rationale/Explanation of issue: > > > > Can the EAP server forward to other servers if it cannot negotiate > > authentication? The EAP full authenticator seems to allow Pass-through > in > > this case. > > Do you mean the case where EAP is forwarded first to a RADIUS server, > and then that forwards it *again* to yet another RADIUS server? > > I think this should be allowed. > > --Jari > > _______________________________________________ > eap mailing list > eap [at] frascone.com > http://mail.frascone.com/mailman/listinfo/eap > _______________________________________________ > eap mailing list > eap [at] frascone.com > http://mail.frascone.com/mailman/listinfo/eap
- Re: Issue 199: Full authenticator SM issue, (continued)
- Re: Issue 199: Full authenticator SM issue Jari Arkko, November 12 2003
-
RE: Issue 199: Full authenticator SM issue Ashwin Palekar, November 12 2003
-
Re: Issue 199: Full authenticator SM issue Jari Arkko, November 12 2003
- Re: Issue 199: Full authenticator SM issue Yoshihiro Ohba, November 12 2003
- Re: Issue 199: Full authenticator SM issue Yoshihiro Ohba, November 12 2003
-
Re: Issue 199: Full authenticator SM issue Jari Arkko, November 12 2003
-
RE: Issue 199: Full authenticator SM issue Pasi.Eronen, November 19 2003
- RE: Issue 199: Full authenticator SM issue Nick Petroni, November 19 2003
Results generated by Tiger Technologies using MHonArc.