Re: method identification

From: Thomas Otto (t.otto
Date: Sat, 28 Aug 2004 08:38:07 -0400 (EDT)

(contd.)

Assume the peer chooses M1 and thus sends ID1, but the EAP server wants to perform only M2 with this peer. Then, the initial message flow is

    Peer <--- Server: EAP-Request/Identity
    Peer ---> Server: EAP-Response/Identity (ID1)

Now, the server could send the first message of M2 to the peer, who responds, if he does not agree with this proposal, with a Nak. Since the server is restricted to perform M2, an EAP-Failure finishes the conversation.

    Peer <--- Server: EAP-Request / M2 (Start S=1, ...)
    Peer ---> Server: EAP-Response (Nak)
    Peer <--- Server: EAP-Failure

A legitimate peer would rather continue with method M2 after having received the first message of it. The identifier, however, of M2 is not transmitted explicitly to the EAP server, but this is IMHO no disadvantage, since the EAP server maps ID1 to the User and can, if needed, access ID2 of him.

To get the relation to Suresh's mail, the answer to "Can the RADIUS server force M2 to be used?" may be "No, but the server can indicate the usage of M2 by sending the first message of M2."

Comments are welcome :-)

Thomas
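
The exchange described in the message above, as an added example that is not part of the original post: a minimal EAP server decision function using RFC 3748 packet framing, which follows a Nak only to a method its policy allows and otherwise ends with EAP-Failure. The type numbers for M1 and M2, the policy table and the method payload bytes are constructed placeholders.

```python
import struct

# Codes and the Identity/Nak type numbers are from RFC 3748.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
T_IDENTITY, T_NAK = 1, 3
M1, M2 = 0xF1, 0xF2  # constructed placeholders for the two methods in the mail

def build(code, ident, etype=None, data=b""):
    """Encode Code, Identifier, Length and, for Request/Response, Type + Type-Data."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt):
    """Decode a packet; reject a Length field that disagrees with the buffer."""
    if len(pkt) < 4:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("bad EAP length")
    return code, ident, (pkt[4] if length > 4 else None), pkt[5:]

# Constructed policy: identity -> the only methods the server may run with that user.
POLICY = {b"ID1": {M2}}

def server_step(pkt, state):
    """Return the server's next packet for one peer response."""
    code, ident, etype, data = parse(pkt)
    nxt = (ident + 1) & 0xFF
    if code != RESPONSE:
        return build(FAILURE, ident)
    if etype == T_IDENTITY and data in POLICY:
        state["allowed"] = POLICY[data]
        state["offered"] = min(state["allowed"])
        return build(REQUEST, nxt, state["offered"], b"\x01")  # first method message (payload constructed)
    if etype == T_NAK:
        # Follow a Nak only to a method that policy allows and was not already offered.
        alt = [t for t in data if t in state.get("allowed", ()) and t != state.get("offered")]
        if alt:
            state["offered"] = alt[0]
            return build(REQUEST, nxt, alt[0], b"\x01")
        return build(FAILURE, ident)  # restricted to M2: the conversation ends
    if etype is not None and etype == state.get("offered"):
        return build(REQUEST, nxt, etype, b"\x02")  # peer continued with the offered method
    return build(FAILURE, ident)
```
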