Radius authentication and client configuration

[Leonard Schwartz <schwartz@xedia.com>]

In the remote dial-in world there are numbers of features and/or
services expected by users. These include (but certainly not limited
to):
a) ability to perform user authorization to gain access to corporate
networks. This is typically done via Radius authentication;
b) user accounting. This is typically done via Radius accounting;
c) configure remote dial-in client. The configuration information
includes (but not limited to): IP address, net mask, DNS server, etc.

After reviewing several products it is clear that vendors who support
the features defined above implement them in a proprietary fashion, i.e.
dial-in client from vendor X has no chance of performing Radius
authentication and/or client configuration with VPN gateway from vendor
Y.

There are 2 drafts that by introducing a number of additions to ISAKMP
main mode exchange attempt to standardize the process:
- Extended Authentication Within ISAKMP/Oakley
<draft-ietf-ipsec-isakmp-xauth-01.txt> and
- The ISAKMP Configuration Method
<draft-ietf-ipsec-isakmp-mode-cfg-02.txt

Is IPsec working group attempts to standardize these 2 drafts to solve
the problem of Radius authentication and client configuration? Or
perhaps, there are other alternatives that must be examined?

Leonard

---

Follow-Ups:

• Re: Radius authentication and client configuration
• From: Robert Moskowitz <rgm-sec@htt-consult.com>

---

• Prev by Date: 8th IFIP Conference on High Performance Networking (HPN'98)
• Next by Date: Re: IPsec re-defining IP-in-IP? (Fwd)
• Prev by thread: 8th IFIP Conference on High Performance Networking (HPN'98)
• Next by thread: Re: Radius authentication and client configuration
• Index(es):
  • Main
  • Thread