RE: Two Issues for Clarification in RFC3579

From: Adrangi, Farid (farid.adrangi
Date: Mon, 16 Feb 2004 12:20:03 -0500 (EST)

> > Issue 2
> > -------
> >
> > What follows is an excerpt from section 3:
> >
> >    The NAS-Port or NAS-Port-Id attributes SHOULD be included by the NAS
> >    in Access-Request packets, and either NAS-Identifier,
> >    NAS-IP-Address or NAS-IPv6-Address attributes MUST be included.
> >    In order to permit forwarding of the Access-Reply by EAP-unaware
> >    proxies, if a User-Name attribute was included in an Access-Request,
> >    the RADIUS server MUST include the User-Name attribute in subsequent
> >    Access-Accept packets. Without the User-Name attribute, accounting
> >    and billing becomes difficult to manage. The User-Name attribute
> >    within the Access-Accept packet need not be the same as the
> >    User-Name attribute in the Access-Request.
> >
> > This section states that the Access-Accept MUST include a
> > User-Name attribute and that the value of this attribute
> > could be a billing identifier and need not match the value of
> > the User-Name attribute sent in the Access-Request. It does
> > not clearly state that the NAS is obligated to echo the value
> > of this User-Name attribute in any accounting requests it
> > generates for the session, but that does appear to be the
> > implication. Is this in fact a new requirement being placed
> > on NAS vendors? If so, does anyone know if any NASes actually
> > support this feature?
> >
>
> [Joe] This is a good question. I believe there are NASes and stateful
> proxies that support this (I've seen the username from the
> Access-Accept in accounting packets, but I'm not sure who put it there).
>

[FA] On a related note,

1) If the content of the UserName(1) in the Access-Accept packet is intended to be used for accounting purposes, should the text be more specific, rather than saying the absence of UserName(1) will make the accounting and billing difficult to manage? Instead it could say, "NAS MUST use the content of UserName(1) for accounting purposes." Your comment?

2) Does the specification need to make it clear that inner and outer identities need to be checked by the home network for consistency to prevent fraud? For example, the user (fred [at] anyisp.com) uses bob [at] anyisp.com as the outer identity and if the RADIUS server does not check for this, then the user (fred [at] anyisp.com) has managed to authenticate to the network, and possibly deceive the network into sending the billing charges to bob [at] anyisp.com.

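Added example (not part of the original message or of RFC 3579): one way a home RADIUS server could implement the consistency check asked about in point 2, and derive the User-Name for the Access-Accept from the authenticated inner identity. The function names, the treatment of an empty or "anonymous" outer user part as a privacy placeholder, and the exact-match policy are assumptions.

```python
from typing import NamedTuple, Optional

# Assumption: these outer user parts are privacy placeholders, not a claimed user.
ANONYMOUS_USERS = {"", "anonymous"}

class Decision(NamedTuple):
    accept: bool
    billing_user_name: Optional[str]  # value to place in User-Name of the Access-Accept
    reason: str

def split_nai(nai: str):
    """Split user@realm on the last '@'; the realm is compared case-insensitively."""
    user, sep, realm = nai.strip().rpartition("@")
    if not sep:                       # no realm given
        return nai.strip(), ""
    return user, realm.lower()

def check_identities(outer: str, inner: str) -> Decision:
    """Compare the unprotected outer identity with the authenticated inner identity."""
    o_user, o_realm = split_nai(outer)
    i_user, i_realm = split_nai(inner)
    if not i_user:
        return Decision(False, None, "inner identity missing")
    if o_realm and i_realm and o_realm != i_realm:
        return Decision(False, None, "realm mismatch")
    if o_user.lower() not in ANONYMOUS_USERS and o_user != i_user:
        return Decision(False, None, "outer identity names a different user")
    realm = i_realm or o_realm
    billing = f"{i_user}@{realm}" if realm else i_user
    return Decision(True, billing, "consistent")

# Constructed sample pairs (outer, inner); the second is the case raised in point 2.
SAMPLES = [
    ("fred@anyisp.com", "fred@anyisp.com"),
    ("bob@anyisp.com", "fred@anyisp.com"),
    ("anonymous@anyisp.com", "fred@anyisp.com"),
    ("@AnyISP.com", "fred@anyisp.com"),
    ("anonymous@other.example", "fred@anyisp.com"),
]

if __name__ == "__main__":
    for outer, inner in SAMPLES:
        print(outer, inner, check_identities(outer, inner))
```

Because the billing value is always built from the inner identity, accounting records keyed on the Access-Accept User-Name follow the user who actually authenticated, whatever the outer identity claimed.
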
- Two Issues for Clarification in RFC3579 Oliver Tavakoli, February 4 2004
- RE: Two Issues for Clarification in RFC3579 Joseph Salowey, February 4 2004
- RE: Two Issues for Clarification in RFC3579 Adrangi, Farid, February 16 2004