
RE: [dhcwg] [New I-D] DHCP User-based Authentication




> A New Internet-Draft is available from the on-line
> Internet-Drafts directories.
>
>
>       Title           : DHCP User-based Authentication
>       Author(s)       : Y. Zhao
>       Filename        : draft-zhao-dhc-user-authentication-00.txt
>       Pages           : 24
>       Date            : 2006-10-2
>      
> This document defines an authentication mechanism to provide an
> authentication for a user in an access network by means of dhcp.  The
> authentication mechanism described here couples DHCP to an
> authentication, authorization and accounting system (AAA), thus
> enabling users to supply user credentials for AAA via DHCP.

What is the benefit of the relay performing the AAA transaction instead of the DHCP server itself?  If the DHCP server performs the AAA, existing relays don't have to be modified at all.  Actually, why isn't this idea adjusted to be a different authentication mechanism within the RFC 3118 framework?  Currently 3118 defines a cleartext shared secret, and some other key-based delayed authentication.  What about defining a new algorithm/protocol for the client device to be able to pass the "username" in the Discover's authentication option?

Although, two other questions come to mind:

1) What about devices which don't have a user?  (Or don't have a user yet?)

2) What about devices which have multiple users?  Which one does the system use?


Also I'd like to remind you of previous similar work in RFC 4104, although it depends on other authentication protocols like 802.1x.

_______________________________________________
dhcwg mailing list
dhcwg at ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg