Network Access Servers Requirements: Extended RADIUS Practices
RFC 2882

Document Type RFC - Informational (July 2000; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2882 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                           D. Mitton
Request for Comments: 2882                                Nortel Networks
Category: Informational                                         July 2000

                  Network Access Servers Requirements:
                       Extended RADIUS Practices

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes current practices implemented in NAS products
   that go beyond the scope of the RADIUS RFCs 2138, 2139 [1,2]. The
   purpose of this effort is to give examples that show the need for
   addressing and standardizing these types of ad-hoc functions.  Since
   many of these features require a matching server support component,
   the ability to deploy and manage interoperable NAS and AAA server
   products is severely hindered.

   These practices are documented here to show functions that are
   obviously desired in developing future AAA protocols for NAS
   deployment.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . .  2
   1.1.  Disclaimers . . . . . . . . . . . . . . . . . . . . . . .  3
   1.2.  Presentation  . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Attribute Usage . . . . . . . . . . . . . . . . . . . . . .  3
   2.1. Attribute Conflicts  . . . . . . . . . . . . . . . . . . .  4
   2.2. Attribute Value Conflicts  . . . . . . . . . . . . . . . .  4
   2.2.1 Vendor Specific Enumerations Proposal . . . . . . . . . .  4
   2.3   Vendor Specific Attribute Usage . . . . . . . . . . . . .  5
   2.3.1 VSAs in use by clients: . . . . . . . . . . . . . . . . .  5
   2.3.2 Clients that support multiple Vendors:  . . . . . . . . .  5
   3.  Attribute Data Types  . . . . . . . . . . . . . . . . . . .  6
   4.  New Messages  . . . . . . . . . . . . . . . . . . . . . . .  7
   5.  Additional Functions  . . . . . . . . . . . . . . . . . . .  7
   5.1 Password Change   . . . . . . . . . . . . . . . . . . . . .  8

Mitton                       Informational                      [Page 1]
RFC 2882               Extended RADIUS Practices               July 2000

   5.2 Authentication Modes  . . . . . . . . . . . . . . . . . . .  8
   5.3 Menus . . . . . . . . . . . . . . . . . . . . . . . . . . .  8
   5.4 Pseudo Users  . . . . . . . . . . . . . . . . . . . . . . .  9
   6.  Resource Management . . . . . . . . . . . . . . . . . . . .  9
   6.1 Managed Resources . . . . . . . . . . . . . . . . . . . . .  9
   6.2 Resource Management Messages  . . . . . . . . . . . . . . . 10
   6.3 Concurrent Logins . . . . . . . . . . . . . . . . . . . . . 10
   6.4 Authorization Changes . . . . . . . . . . . . . . . . . . . 11
   7. Policy Services  . . . . . . . . . . . . . . . . . . . . . . 11
   8. Accounting Extensions  . . . . . . . . . . . . . . . . . . . 12
   8.1 Auditing/Activity . . . . . . . . . . . . . . . . . . . . . 12
   9. Conclusions  . . . . . . . . . . . . . . . . . . . . . . . . 12
   10. Security Considerations . . . . . . . . . . . . . . . . . . 13
   11. Implementation Documents  . . . . . . . . . . . . . . . . . 13
   11.1. Clients . . . . . . . . . . . . . . . . . . . . . . . . . 13
   11.2. Servers . . . . . . . . . . . . . . . . . . . . . . . . . 14
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . 14
   13. Author's Address  . . . . . . . . . . . . . . . . . . . . . 15
   14. Full Copyright Statement  . . . . . . . . . . . . . . . . . 16

1.  Introduction

   The RADIUS Working Group was formed in 1995 to document the protocol
   of the same name, and was chartered to stay within a set of bounds
   for dial-in terminal servers.  Unfortunately the real world of
   Network Access Servers (NASes) hasn't stayed that small and simple,
   and continues to evolve at an amazing rate.

   This document shows some of the current implementations on the market
   have already outstripped the capabilities of the RADIUS protocol.  A
   quite a few features have been developed completely outside the
   protocol.  These features use the RADIUS protocol structure and
   format, but employ operations and semantics well beyond the RFC
   documents.

   I learn of the details of these functions from reading industry
   manuals and often have to respond to them in competive bid
   specifications.  As they become deployed in the field, they gather
   the force of de-facto standards.

   Because they have been done outside scope of the RFCs, they are
   vendor specific, and introduce significant problems in offering an
   interoperable product.

Mitton                       Informational                      [Page 2]
Show full document text