draft-ietf-radext-rfc2619bis-03.txt   draft-ietf-radext-rfc2619bis-04.txt 
Network Working Group D. Nelson Network Working Group D. Nelson
Internet-Draft Enterasys Networks Internet-Draft Enterasys Networks
Obsoletes: RFC 2619 (if approved) May 12, 2006 Obsoletes: RFC 2619 (if approved) June 26, 2006
Expires: November 13, 2006 Expires: December 28, 2006
RADIUS Auth Server MIB (IPv6) RADIUS Authentication Server MIB for IPv6
draft-ietf-radext-rfc2619bis-03.txt draft-ietf-radext-rfc2619bis-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
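Review bot: The new title on the right-hand side, "RADIUS Authentication Server MIB for IPv6", reads as if the module were IPv6-specific, while the Abstract describes the change as adding support for version neutral IP address formats. Consider a title that matches that wording, or a sentence in the Abstract stating that the new table is version neutral rather than IPv6-only.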
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 13, 2006. This Internet-Draft will expire on December 28, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This memo defines a set of extensions which instrument RADIUS This memo defines a set of extensions, which instrument RADIUS
authentication server functions. These extensions represent a authentication server functions. These extensions represent a
portion of the Management Information Base (MIB) for use with network portion of the Management Information Base (MIB) for use with network
management protocols in the Internet community. Using these management protocols in the Internet community. Using these
extensions IP-based management stations can manage RADIUS extensions IP-based management stations can manage RADIUS
authentication servers. authentication servers.
This memo obsoletes RFC 2619 by deprecating the MIB table containing This memo obsoletes RFC 2619 by deprecating the MIB table containing
IPv4-only address formats and defining a new table to add support for IPv4-only address formats and defining a new table to add support for
version neutral IP address formats. The remaining MIB objects from version neutral IP address formats. The remaining MIB objects from
RFC 2619 are carried forward into this document. This memo also adds RFC 2619 are carried forward into this document. This memo also adds
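Review bot: In the first sentence of the Abstract, the comma added in -04 ("a set of extensions, which instrument RADIUS authentication server functions") turns a defining clause into a parenthetical one; "extensions that instrument" says what is meant and needs no comma. The unchanged sentence "Using these extensions IP-based management stations can manage ..." still wants a comma after "extensions".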
skipping to change at page 4, line 41 skipping to change at page 4, line 41
be expected to implement the RADIUS authentication client MIB, while be expected to implement the RADIUS authentication client MIB, while
RADIUS authentication servers implement the server function, and thus RADIUS authentication servers implement the server function, and thus
would be expected to implement the RADIUS authentication server MIB. would be expected to implement the RADIUS authentication server MIB.
However, it is possible for a RADIUS authentication entity to perform However, it is possible for a RADIUS authentication entity to perform
both client and server functions. For example, a RADIUS proxy may both client and server functions. For example, a RADIUS proxy may
act as a server to one or more RADIUS authentication clients, while act as a server to one or more RADIUS authentication clients, while
simultaneously acting as an authentication client to one or more simultaneously acting as an authentication client to one or more
authentication servers. In such situations, it is expected that authentication servers. In such situations, it is expected that
RADIUS entities combining client and server functionality will RADIUS entities combining client and server functionality will
support both the client and server MIBs. support both the client and server MIBs. The server MIB is defined
in this document, and the client MIB is defined in [2618bis].
RFC Editor: Replace the above I-D reference with the assigned RFC
number at the time of publication and delete this note.
This MIB module contains fourteen scalars as well as a single table, This MIB module contains fourteen scalars as well as a single table,
the RADIUS Authentication Client Table, which contains one row for the RADIUS Authentication Client Table, which contains one row for
each RADIUS authentication client with which the server shares a each RADIUS authentication client with which the server shares a
secret. Each entry in the RADIUS Authentication Client Table secret. Each entry in the RADIUS Authentication Client Table
includes thirteen columns presenting a view of the activity of the includes thirteen columns presenting a view of the activity of the
RADIUS authentication server. RADIUS authentication server.
6. Deprecated Objects 6. Deprecated Objects
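Review bot: The overview paragraph following the new [2618bis] sentence still says the module contains "a single table, the RADIUS Authentication Client Table", while the Abstract says this revision deprecates the IPv4-only table and defines a new one. State here whether the count covers only the new table and name the deprecated one, so that the overview agrees with the Abstract and with the "Deprecated Objects" section that follows.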
skipping to change at page 22, line 19 skipping to change at page 22, line 19
9. Security Considerations 9. Security Considerations
There are a number of management objects defined in this MIB that There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write and/or read-create. Such have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. These are: network operations. These are:
radiusAuthServConfigReset This object cab be used to reinitialize the radiusAuthServConfigReset This object can be used to reinitialize the
persistent state of any server. When set to reset(2), any persistent state of any server. When set to reset(2), any
persistent server state (such as a process) is reinitialized as if persistent server state (such as a process) is reinitialized as if
the server had just been started. Depending on the server the server had just been started. Depending on the server
impelmentation details, this action may ot may not interrupt the impelmentation details, this action may ot may not interrupt the
processing of pending request in the server. Abuse of this object processing of pending request in the server. Abuse of this object
may lead to a Denial of Service attack on the server. may lead to a Denial of Service attack on the server.
There are a number of managed objects in this MIB that may contain There are a number of managed objects in this MIB that may contain
sensitive information. These are: sensitive information. These are:
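Review bot: In the radiusAuthServConfigReset paragraph, -04 corrects "cab" to "can" but leaves "impelmentation", "may ot may not" and "pending request" exactly as they were in -03. Fix them in the same pass ("implementation", "may or may not", "pending requests"), since this is the paragraph that describes the Denial of Service risk of a writable reset object and readers will quote it.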
skipping to change at page 23, line 41 skipping to change at page 23, line 41
STD 58, RFC 2579, April 1999. STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, "Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999. April 1999.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service (RADIUS)", "Remote Authentication Dial In User Service (RADIUS)",
RFC 2865, June 2000. RFC 2865, June 2000.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
10.2. Informative References 10.2. Informative References
[2618bis] Nelson, D., "RADIUS Authentication Client MIB for IPv6",
draft-ietf-radext-rfc2618bis-04.txt (work in progress),
June 2006.
[RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB", [RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB",
RFC 2619, June 1999. RFC 2619, June 1999.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors of the original MIB are Bernard Aboba and Glen Zorn. The authors of the original MIB are Bernard Aboba and Glen Zorn.
Many thanks to all reviewers, especially to David Harrington, Dan Many thanks to all reviewers, especially to David Harrington, Dan
Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen. Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen.
Author's Address Author's Address
David B. Nelson David B. Nelson
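Review bot: The new [2618bis] entry under Informative References pins a specific draft revision (draft-ietf-radext-rfc2618bis-04.txt, work in progress), but the RFC Editor note added in the overview text only speaks of "the above I-D reference" in the body. Extend that note, or add one next to this entry, so the reference list entry is also replaced with the assigned RFC at publication. Moving [RFC4001] from Informative to Normative is consistent with the Abstract's version neutral address formats.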
 End of changes. 9 change blocks. 
12 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/