EAP-Relay---Method Identification and Re-Authentication.

From: Suresh (sureshvv
Date: Wed, 25 Aug 2004 06:30:19 -0400 (EDT)
Hi,

I have the following two questions. Kindly clarify.

Question 1

This is regarding EAP behaving as a relay. RFC-3579 (RADIUS support for EAP) states that the NAS can send a RADIUS Access-Request with an EAP-Start attribute to the RADIUS server. The RADIUS server responds with an ID request or a method-specific start request. In the case of EAP-SIM/TLS it can be an EAP-ID request or an EAP-SIM/TLS-Start request.

How does the NAS inform the RADIUS server to frame a particular method-specific start request for the above Access-Request? I.e., how does the NAS inform the RADIUS server that a particular method's functionality is required?

What I understood from the RFC is that the RADIUS server may frame an EAP-ID request, and the client responds to that. Based on the ID received, the RADIUS server identifies an EAP method, i.e. the ID is very specific to the method.

Is there any specific reason that there is no attribute in the RADIUS Access-Request to identify the EAP method to be used by the RADIUS server, so that the identity will be independent of the method? Kindly clarify.

Question 2

How does the RADIUS server keep track of each EAP authentication context? Is there any concept of re-authentication in Client-NAS mutual authentication using EAP? I.e., can the RADIUS server identify that a particular connection has already authenticated and is going for re-authentication?

Regards,
Suresh