eap Mailing List: Re: Issue 199: Full authenticator SM issue

On Wed, Nov 12, 2003 at 09:18:36PM +0200, Jari Arkko wrote:
> Ashwin Palekar wrote:
> >This is the case where EAP is forwarded to first RADIUS server; which
> >tries to negotiate EAP methods with peer. If the client NAKs all the EAP
> >methods proposed, the first RADIUS server forwards it to yet another
> >RADIUS server.
> 
> Yes.
> 
> I have looked at the state machine again, and now I believe
> it does not support this (and that is OK).
> 
> The way that I read the state machines is that the full
> machine is for the NAS that either does the authentication
> itself or forwards it to a RADIUS server. But the RADIUS
> server side should follow only the backend machine. And
> the backend machine does not have a transition to send
> the authentication somewhere else. Pasi, John, & co --
> is this your interpretation too?

I think that, if the first RADIUS server uses full authenticator state machine, 
with setting retransmission timer an infinite value (to prohibit timer-based 
retransmission), it is possible to support the scenario on the first RADIUS 
server.

Yoshihiro Ohba

> 
> --Jari
> 
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap

Re: Issue 199: Full authenticator SM issue	<– Date –> <– Thread –>
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Wed, 12 Nov 2003 14:05:25 -0600 (CST)

eap Mailing List
View Index by: Date - Thread - Author