RADIUS Extensions
RFC 2869

Document Type RFC - Informational (June 2000; No errata)
Updated by RFC 3579, RFC 5080
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2869 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                           C. Rigney
Request for Comments: 2869                                     Livingston
Category: Informational                                        W. Willats
                                                        Cyno Technologies
                                                               P. Calhoun
                                                         Sun Microsystems
                                                                June 2000

                           RADIUS Extensions

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes additional attributes for carrying
   authentication, authorization and accounting information between a
   Network Access Server (NAS) and a shared Accounting Server using the
   Remote Authentication Dial In User Service (RADIUS) protocol
   described in RFC 2865 [1] and RFC 2866 [2].

Table of Contents

   1.     Introduction ..........................................    2
      1.1       Specification of Requirements ...................    3
      1.2       Terminology .....................................    3
   2.     Operation .............................................    4
      2.1       RADIUS support for Interim Accounting Updates....    4
      2.2       RADIUS support for Apple Remote Access
                Protocol ........................................    5
      2.3       RADIUS Support for Extensible Authentication
                Protocol (EAP) ..................................   11
         2.3.1  Protocol Overview ...............................   11
         2.3.2  Retransmission ..................................   13
         2.3.3  Fragmentation ...................................   14
         2.3.4  Examples ........................................   14
         2.3.5  Alternative uses ................................   19
   3.     Packet Format .........................................   19
   4.     Packet Types ..........................................   19
   5.     Attributes ............................................   20

Rigney, et al.               Informational                      [Page 1]
RFC 2869                   RADIUS Extensions                   June 2000

      5.1       Acct-Input-Gigawords ............................   22
      5.2       Acct-Output-Gigawords ...........................   23
      5.3       Event-Timestamp .................................   23
      5.4       ARAP-Password ...................................   24
      5.5       ARAP-Features ...................................   25
      5.6       ARAP-Zone-Access ................................   26
      5.7       ARAP-Security ...................................   27
      5.8       ARAP-Security-Data ..............................   28
      5.9       Password-Retry ..................................   28
      5.10      Prompt ..........................................   29
      5.11      Connect-Info ....................................   30
      5.12      Configuration-Token .............................   31
      5.13      EAP-Message .....................................   32
      5.14      Message-Authenticator ...........................   33
      5.15      ARAP-Challenge-Response .........................   35
      5.16      Acct-Interim-Interval ...........................   36
      5.17      NAS-Port-Id .....................................   37
      5.18      Framed-Pool .....................................   37
      5.19      Table of Attributes .............................   38
   6.     IANA Considerations ...................................   39
   7.     Security Considerations ...............................   39
      7.1       Message-Authenticator Security ..................   39
      7.2       EAP Security ....................................   39
         7.2.1  Separation of EAP server and PPP authenticator ..   40
         7.2.2  Connection hijacking ............................   41
         7.2.3  Man in the middle attacks .......................   41
         7.2.4  Multiple databases ..............................   41
         7.2.5  Negotiation attacks .............................   42
   8.     References ............................................   43
   9.     Acknowledgements ......................................   44
   10.    Chair's Address .......................................   44
   11.    Authors' Addresses ....................................   45
   12.    Full Copyright Statement ..............................   47
Show full document text