[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [dhcwg] [New I-D] DHCP User-based Authentication

To: "Amy Zhao" <zhaoyuping at huawei.com>, "pavan_kurapati" <pavan_kurapati at infosys.com>
Subject: RE: [dhcwg] [New I-D] DHCP User-based Authentication
From: "bharat_joshi" <bharat_joshi at infosys.com>
Date: Sat, 14 Oct 2006 12:32:45 +0530
Cc: dhcwg at ietf.org
List-help: <mailto:dhcwg-request@ietf.org?subject=help>
List-id: dhcwg.ietf.org
List-post: <mailto:dhcwg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
Thread-index: Acbupt+ZXZAA2ZUfSlGEOK/mFldHJQAsyMJwAADG9DA=
Thread-topic: [dhcwg] [New I-D] DHCP User-based Authentication

Hi Amy,

     The questions raised by Pavan raised some more questions. Please
see my questions in line.

     I have not read the complete draft yet so a question might have
been addressed in your draft.

Thanks,
Bharat

> > 1. Since the AAA server is interacting with Relay Agent, why
> > do we carry the messages to the server if the authentication
> > is failed?
>
> The purpose is to avoid dhcp client to retransmit request message.
> If the authentication is failed and we do not carry this message to
the
> server,
> server will not response to dhcp client, the timer on the client will
> expire, and this
> will result in retransmission of dhcp request message.
>

What will happen when authentication of a client fails? Will DHCP won't
provide configurations for that host? What happens when there are
multiple users connecting from the same host? [I think someone else have
already raised this question]

> > 3. In section 6, In basic authentication mechanism, client
> > will put User-based Authentication option only in DISCOVER
> > packet (as per the initial flow chart) and the REQUEST does
> > not contain this option. I think you need to make it clear in
> > first bullet point.
>
> OK, I will do.
>

This raised another question whether DHCP server would need to
authenticate a user before accepting a RENEW or RELEASE request.

Also instead of generating a DHCP DISCOVER, a DHCP client can generate a
DHCP request and so DHCP server must authenticate before accepting a
DHCP request as well.


**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***

_______________________________________________
dhcwg mailing list
dhcwg at ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

Prev by Date: RE: [dhcwg] [New I-D] DHCP User-based Authentication
Next by Date: [dhcwg] *DRAFT* agenda for dhc WG meeting in San Diego
Previous by thread: RE: [dhcwg] [New I-D] DHCP User-based Authentication
Next by thread: [dhcwg] FYI, Internet-Drafts Submission Cutoff Dates for the 67th IETF Meeting in San Diego
Index(es):
- Date
- Thread