draft-ietf-radext-rfc2618bis-03.txt   draft-ietf-radext-rfc2618bis-04.txt 
Network Working Group D. Nelson Network Working Group D. Nelson
Internet-Draft Enterasys Networks Internet-Draft Enterasys Networks
Obsoletes: RFC 2618 (if approved) May 12, 2006 Obsoletes: RFC 2618 (if approved) June 26, 2006
Expires: November 13, 2006 Expires: December 28, 2006
RADIUS Auth Client MIB (IPv6) RADIUS Authentication Client MIB for IPV6
draft-ietf-radext-rfc2618bis-03.txt draft-ietf-radext-rfc2618bis-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
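Review bot: the new title on the right-hand side spells the address family "IPV6", while the Abstract of the same draft writes "IPv4-only" and the companion entry [2619bis] is titled "RADIUS Authentication Server MIB for IPv6". Write "IPv6" in the title line so the casing matches the rest of the document and the server MIB draft.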
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 13, 2006. This Internet-Draft will expire on December 28, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This memo defines a set of extensions which instrument RADIUS This memo defines a set of extensions, which instrument RADIUS
authentication client functions. These extensions represent a authentication client functions. These extensions represent a
portion of the Management Information Base (MIB) for use with network portion of the Management Information Base (MIB) for use with network
management protocols in the Internet community. Using these management protocols in the Internet community. Using these
extensions IP-based management stations can manage RADIUS extensions IP-based management stations can manage RADIUS
authentication clients. authentication clients.
This memo obsoletes RFC 2618 by deprecating the MIB table containing This memo obsoletes RFC 2618 by deprecating the MIB table containing
IPv4-only address formats and defining a new table to add support for IPv4-only address formats and defining a new table to add support for
version neutral IP address formats. The remaining MIB objects from version neutral IP address formats. The remaining MIB objects from
RFC 2618 are carried forward into this document. The memo also adds RFC 2618 are carried forward into this document. The memo also adds
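Review bot: in the Abstract, the comma added in "extensions, which instrument RADIUS authentication client functions" turns a defining clause into a non-restrictive one, so the sentence now reads as if the memo defines an unspecified set of extensions and only incidentally mentions what they do. Drop the comma again or write "extensions that instrument RADIUS authentication client functions".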
skipping to change at page 2, line 20 skipping to change at page 2, line 20
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The Internet-Standard Management Framework . . . . . . . . . . 3 3. The Internet-Standard Management Framework . . . . . . . . . . 3
4. Scope of Changes . . . . . . . . . . . . . . . . . . . . . . . 3 4. Scope of Changes . . . . . . . . . . . . . . . . . . . . . . . 3
5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4 5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4
6. Deprecated Objects . . . . . . . . . . . . . . . . . . . . . . 5 6. Deprecated Objects . . . . . . . . . . . . . . . . . . . . . . 5
7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
10.1. Normative References . . . . . . . . . . . . . . . . . . 21 10.1. Normative References . . . . . . . . . . . . . . . . . . 22
10.2. Informative References . . . . . . . . . . . . . . . . . 22 10.2. Informative References . . . . . . . . . . . . . . . . . 22
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 22 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 22
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23
Intellectual Property and Copyright Statements . . . . . . . . . . 24 Intellectual Property and Copyright Statements . . . . . . . . . . 24
1. Terminology 1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
skipping to change at page 4, line 43 skipping to change at page 4, line 43
authentication client MIB, while RADIUS authentication servers authentication client MIB, while RADIUS authentication servers
implement the server function, and thus would be expected to implement the server function, and thus would be expected to
implement the RADIUS authentication server MIB. implement the RADIUS authentication server MIB.
However, it is possible for a RADIUS authentication entity to perform However, it is possible for a RADIUS authentication entity to perform
both client and server functions. For example, a RADIUS proxy may both client and server functions. For example, a RADIUS proxy may
act as a server to one or more RADIUS authentication clients, while act as a server to one or more RADIUS authentication clients, while
simultaneously acting as an authentication client to one or more simultaneously acting as an authentication client to one or more
authentication servers. In such situations, it is expected that authentication servers. In such situations, it is expected that
RADIUS entities combining client and server functionality will RADIUS entities combining client and server functionality will
support both the client and server MIBs. support both the client and server MIBs. The client MIB is defined
in this document, and the server MIB is defined in [2619bis].
RFC Editor: Replace the above I-D reference with the assigned RFC
number at the time of publication and delete this note.
This MIB module contains two scalars as well as a single table, the This MIB module contains two scalars as well as a single table, the
RADIUS Authentication Server Table, which contains one row for each RADIUS Authentication Server Table, which contains one row for each
RADIUS authentication server with which the client shares a secret. RADIUS authentication server with which the client shares a secret.
Each entry in the RADIUS Authentication Server Table includes sixteen Each entry in the RADIUS Authentication Server Table includes sixteen
columns presenting a view of the activity of the RADIUS columns presenting a view of the activity of the RADIUS
authentication client. authentication client.
6. Deprecated Objects 6. Deprecated Objects
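Review bot: the RFC Editor note added after the [2619bis] sentence asks only for "the above I-D reference" to be replaced, but the same draft name also appears in the new Informative References entry (draft-ietf-radext-rfc2619bis-04.txt, June 2006). Extend the note to cover the reference entry and its citation key as well, so the published text does not keep a stale draft name in Section 10.2.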
skipping to change at page 21, line 11 skipping to change at page 21, line 16
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
radiusAuthServerIPAddress This can be used to determine the address radiusAuthServerIPAddress This can be used to determine the address
of the RADIUS authentication server with which the client is of the RADIUS authentication server with which the client is
communicating. This information could be useful in mounting an communicating. This information could be useful in mounting an
attack on the authentication server. attack on the authentication server.
radiusAuthClientServerPortNumber This can be used to determine the
port number on which the RADIUS authentication client is sending.
This information could be useful in impersonating the client in
order to send data to the authentication server.
radiusAuthServerInetAddress This can be used to determine the address radiusAuthServerInetAddress This can be used to determine the address
of the RADIUS authentication server with which the client is of the RADIUS authentication server with which the client is
communicating. This information could be useful in mounting an communicating. This information could be useful in mounting an
attack on the authentication server. attack on the authentication server.
radiusAuthClientServerInetPortNumber This can be used to determine radiusAuthClientServerInetPortNumber This can be used to determine
the port number on which the RADIUS authentication client is the port number on which the RADIUS authentication client is
sending. This information could be useful in impersonating the sending. This information could be useful in impersonating the
client in order to send data to the authentication server. client in order to send data to the authentication server.
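Review bot: the added radiusAuthClientServerPortNumber entry says "the port number on which the RADIUS authentication client is sending", which does not say whether this is the client's source port or the server port the client sends to, and the stated risk (impersonating the client) depends on which one is meant. State the direction explicitly, and apply the same wording to radiusAuthClientServerInetPortNumber, whose text is identical. If the two objects without "Inet" in their names belong to the IPv4-only table that the Abstract says is deprecated, say so in this list so readers know the access-control advice applies to both the deprecated and the replacement objects.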
skipping to change at page 22, line 17 skipping to change at page 22, line 26
STD 58, RFC 2579, April 1999. STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, "Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999. April 1999.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", "Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, June 2000. RFC 2865, June 2000.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
10.2. Informative References 10.2. Informative References
[2619bis] Nelson, D., "RADIUS Authentication Server MIB for IPv6",
draft-ietf-radext-rfc2619bis-04.txt (work in progress),
June 2006.
[RFC2618] Aboba, B. and G. Zorn, "RADIUS Authentication Client MIB", [RFC2618] Aboba, B. and G. Zorn, "RADIUS Authentication Client MIB",
RFC 2618, June 1999. RFC 2618, June 1999.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors of the original MIB are Bernard Aboba and Glen Zorn. The authors of the original MIB are Bernard Aboba and Glen Zorn.
Many thanks to all reviewers, especially to Dave Harrington, Dan Many thanks to all reviewers, especially to Dave Harrington, Dan
Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen. Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen.
Author's Address Author's Address
David B. Nelson David B. Nelson
 End of changes. 10 change blocks. 
13 lines changed or deleted 26 lines changed or added
