RADIUS Extension for Digest Authentication
RFC 4590
| Document | Type | RFC - Proposed Standard (July 2006; No errata); obsoleted by RFC 5090 |
|---|---|---|
| | Authors | Baruch Sterman, David Williams, Daniel Sadolevsky, Wolfgang Beck, David Schwartz |
| | Last updated | 2020-07-29 |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4590 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | David Kessens |
| | Send notices to | dnelson@enterasys.com, aboba@internaut.com, bernard_aboba@hotmail.com |
Network Working Group
Request for Comments: 4590
Category: Standards Track
July 2006

Authors:
B. Sterman, Kayote Networks
D. Sadolevsky, SecureOL, Inc.
D. Schwartz, Kayote Networks
D. Williams, Cisco Systems
W. Beck, Deutsche Telekom AG

RADIUS Extension for Digest Authentication

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document defines an extension to the Remote Authentication Dial-In User Service (RADIUS) protocol to enable support of Digest Authentication, for use with HTTP-style protocols like the Session Initiation Protocol (SIP) and HTTP.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. Motivation
   1.3. Overview
2. Detailed Description
   2.1. RADIUS Client Behavior
      2.1.1. Credential Selection
      2.1.2. Constructing an Access-Request
      2.1.3. Constructing an Authentication-Info Header
      2.1.4. Failed Authentication
      2.1.5. Obtaining Nonces
   2.2. RADIUS Server Behavior
      2.2.1. General Attribute Checks
      2.2.2. Authentication
      2.2.3. Constructing the Reply
3. New RADIUS Attributes
   3.1. Digest-Response attribute
   3.2. Digest-Realm Attribute
   3.3. Digest-Nonce Attribute
   3.4. Digest-Response-Auth Attribute
   3.5. Digest-Nextnonce Attribute
   3.6. Digest-Method Attribute
   3.7. Digest-URI Attribute
   3.8. Digest-Qop Attribute
   3.9. Digest-Algorithm Attribute
   3.10. Digest-Entity-Body-Hash Attribute
   3.11. Digest-CNonce Attribute
   3.12. Digest-Nonce-Count Attribute
   3.13. Digest-Username Attribute
   3.14. Digest-Opaque Attribute
   3.15. Digest-Auth-Param Attribute
   3.16. Digest-AKA-Auts Attribute
   3.17. Digest-Domain Attribute
   3.18. Digest-Stale Attribute
   3.19. Digest-HA1 Attribute
   3.20. SIP-AOR Attribute
4. Diameter Compatibility
5. Table of Attributes
6. Examples
7. IANA Considerations
8. Security Considerations
   8.1. Denial of Service
   8.2. Confidentiality and Data Integrity
9. Acknowledgements
10. References
   10.1. Normative References
   10.2. Informative References