RADIUS Client Kickstart
draft-moskowitz-radius-client-kickstart-01
| Document | Type | Expired Internet-Draft (individual); Expired & archived |
|---|---|---|
| | Author | Robert Moskowitz |
| | Last updated | 2003-10-27 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| | Formats | |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
RADIUS servers [2] require foreknowledge of the IP address of the RADIUS clients, as the shared secret is bound to the address. This has been a manageable situation when the RADIUS clients were just NASs (Network Access Servers). With the advent of IEEE 802.1X [3], there is a significant increase in RADIUS clients in organizations not prepared to have the RADIUS clients use fixed IP addresses and manage the shared secret. To address the concerns of the IEEE 802.1 and 802.11 Task Groups, a level of indirection is added: a Master Secret bound to the name of the RADIUS client. This Master Secret is created by the Shared Secret Provisioning Protocol (SSPP) [4]. For RADIUS Client Kickstart, SSPP is run over SNMP [5]. The Master Secret is used in an initial RADIUS exchange to create a session secret that is used as the normal RADIUS client shared secret. SSPP can be used to change the Master Secret whenever required.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)