Skip to main content

RADIUS Client Kickstart
draft-moskowitz-radius-client-kickstart-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Robert Moskowitz
Last updated 2003-10-27
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

RADIUS servers [2] require foreknowledge of the IP address of the RADIUS clients, as the shared secret is bound to the address. This has been a manageable situation when the RADIUS Clients were just NASs (Network Access Servers). With the advent of IEEE 802.1x [3], there is a significant increase in RADIUS clients in organizations not prepared to have the RADIUS Clients use fixed IP addresses and manage the shared secret. To address the concerns of the IEEE 802.1 and 802.11 Task Groups a level of indirection is added; a Master secret bound to the name of the RADIUS client. This Master secret is created by the Shared Secret Provisioning Protocol [4]. For RADIUS Client Kickstart, SSPP is run over SNMP [5]. The Master Secret is used in an initial RADIUS exchange to create a session secret that is used as the normal RADIUS client shared secret. SSPP can be used to change the Master Secret whenever required.

Authors

Robert Moskowitz

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)