Revised RADIUS Attributes for Improved Authentication
This document proposes updates to RADIUS attributes for better authentication protocols. Various errors and clarifications are addressed to enhance the overall security. The attribute tables are updated to reflect the necessary changes.
Presentation Transcript
RFC 4590bis Wednesday, March 21, 2007 draft-ietf-radext-rfc4590bis-00.txt Wolfgang Beck IETF 68 Prague
Issue 196
• Table 1 makes User-Name mandatory
• User-Name is not necessary to obtain a nonce
• replace '1' with '0-1' in table 1
Issue 205, IANA Error
• Digest-Nextnonce/Digest-Response-Auth have different values in text and table 2
• 106 Digest-Response-Auth
• 107 Digest-Nextnonce
Issue 206
• Table 1 made Digest-Method optional
• State attribute usage was not clear
• make Digest-Method mandatory
• add a State attribute line and some clarifying text to Table 1
Issue 218
• Addition of Accounting-Request entries in the attribute table:

Access-  Access-  Access-  Access-    Acct-
Request  Accept   Reject   Challenge  Req     #    Attribute
0-1      0        0        0          0-1     1    User-Name
0-1      0        0        1          0       24   State [4]
1        1        1        1          0-1     80   Message-Authenticator
0-1      0        0        0          0       103  Digest-Response
0-1      0        0        1          0-1     104  Digest-Realm
0-1      0        0        1          0       105  Digest-Nonce
0        0-1      0        0          0       106  Digest-Response-Auth [1][2]
0        0-1      0        0          0       107  Digest-Nextnonce
1        0        0        0          0-1     108  Digest-Method
0-1      0        0        0          0-1     109  Digest-URI
0-1      0        0        0+         0-1     110  Digest-Qop
0-1      0        0        0-1        0-1     111  Digest-Algorithm [3]
0-1      0        0        0          0       112  Digest-Entity-Body-Hash
0-1      0        0        0          0       113  Digest-CNonce
0-1      0        0        0          0       114  Digest-Nonce-Count
0-1      0        0        0          0-1     115  Digest-Username
0-1      0        0        0-1        0       116  Digest-Opaque
0+       0+       0        0+         0       117  Digest-Auth-Param
0-1      0        0        0          0       118  Digest-AKA-Auts
0        0        0        0+         0-1     119  Digest-Domain
0        0        0        0-1        0       120  Digest-Stale
0        0-1      0        0          0       121  Digest-HA1 [1][2]
0-1      0        0        0          0       122  SIP-AOR
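An added example, not part of the original slides: a Python check of one packet's attribute names against the Issue 218 table, reading 0, 0-1, 1 and 0+ as the usual RADIUS occurrence notation (not present, at most one, exactly one, any number). The name `check_packet` and the sample packet are assumptions; the text of footnotes [1]-[4] is not on the page, so they are not modelled.

```python
from collections import Counter

# Columns and rows transcribed from the Issue 218 table (attribute numbers dropped).
COLUMNS = ("Access-Request", "Access-Accept", "Access-Reject",
           "Access-Challenge", "Accounting-Request")
TABLE = """\
0-1 0   0 0   0-1 User-Name
0-1 0   0 1   0   State
1   1   1 1   0-1 Message-Authenticator
0-1 0   0 0   0   Digest-Response
0-1 0   0 1   0-1 Digest-Realm
0-1 0   0 1   0   Digest-Nonce
0   0-1 0 0   0   Digest-Response-Auth
0   0-1 0 0   0   Digest-Nextnonce
1   0   0 0   0-1 Digest-Method
0-1 0   0 0   0-1 Digest-URI
0-1 0   0 0+  0-1 Digest-Qop
0-1 0   0 0-1 0-1 Digest-Algorithm
0-1 0   0 0   0   Digest-Entity-Body-Hash
0-1 0   0 0   0   Digest-CNonce
0-1 0   0 0   0   Digest-Nonce-Count
0-1 0   0 0   0-1 Digest-Username
0-1 0   0 0-1 0   Digest-Opaque
0+  0+  0 0+  0   Digest-Auth-Param
0-1 0   0 0   0   Digest-AKA-Auts
0   0   0 0+  0-1 Digest-Domain
0   0   0 0-1 0   Digest-Stale
0   0-1 0 0   0   Digest-HA1
0-1 0   0 0   0   SIP-AOR
"""
# Occurrence notation mapped to (minimum, maximum); None means unbounded.
BOUNDS = {"0": (0, 0), "0-1": (0, 1), "1": (1, 1), "0+": (0, None)}
RULES = {}
for row in TABLE.splitlines():
    *cells, name = row.split()
    RULES[name] = dict(zip(COLUMNS, cells))

def check_packet(packet_type, attributes):
    """Return table violations for one packet; attributes outside the table are ignored."""
    counts = Counter(attributes)
    problems = []
    for name, row in RULES.items():
        low, high = BOUNDS[row[packet_type]]
        if counts[name] < low:
            problems.append(f"{name}: missing, required in {packet_type}")
        elif high is not None and counts[name] > high:
            problems.append(f"{name}: {counts[name]} present, max {high} in {packet_type}")
    return problems
# Constructed sample: nonce-fetching Access-Request without User-Name (Issue 196).
SAMPLE = ["Message-Authenticator", "Digest-Method", "Digest-URI"]
```

`check_packet("Access-Request", SAMPLE)` returns an empty list, while the same request without Digest-Method is flagged, matching the Issue 206 change.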