draft-ietf-radext-rfc2619bis-03.txt | draft-ietf-radext-rfc2619bis-04.txt | |||
---|---|---|---|---|
Network Working Group D. Nelson | Network Working Group D. Nelson | |||
Internet-Draft Enterasys Networks | Internet-Draft Enterasys Networks | |||
Obsoletes: RFC 2619 (if approved) May 12, 2006 | Obsoletes: RFC 2619 (if approved) June 26, 2006 | |||
Expires: November 13, 2006 | Expires: December 28, 2006 | |||
RADIUS Auth Server MIB (IPv6) | RADIUS Authentication Server MIB for IPv6 | |||
draft-ietf-radext-rfc2619bis-03.txt | draft-ietf-radext-rfc2619bis-04.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on November 13, 2006. | This Internet-Draft will expire on December 28, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2006). | Copyright (C) The Internet Society (2006). | |||
Abstract | Abstract | |||
This memo defines a set of extensions which instrument RADIUS | This memo defines a set of extensions, which instrument RADIUS | |||
authentication server functions. These extensions represent a | authentication server functions. These extensions represent a | |||
portion of the Management Information Base (MIB) for use with network | portion of the Management Information Base (MIB) for use with network | |||
management protocols in the Internet community. Using these | management protocols in the Internet community. Using these | |||
extensions IP-based management stations can manage RADIUS | extensions IP-based management stations can manage RADIUS | |||
authentication servers. | authentication servers. | |||
This memo obsoletes RFC 2619 by deprecating the MIB table containing | This memo obsoletes RFC 2619 by deprecating the MIB table containing | |||
IPv4-only address formats and defining a new table to add support for | IPv4-only address formats and defining a new table to add support for | |||
version neutral IP address formats. The remaining MIB objects from | version neutral IP address formats. The remaining MIB objects from | |||
RFC 2619 are carried forward into this document. This memo also adds | RFC 2619 are carried forward into this document. This memo also adds | |||
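Review bot: The comma added in the Abstract's first sentence ("a set of extensions, which instrument RADIUS authentication server functions") turns a defining clause into a non-restrictive one, as if the extensions had already been identified. "a set of extensions that instrument ..." says what is meant. Two sentences later, "Using these extensions IP-based management stations can manage ..." still needs a comma after "extensions".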
skipping to change at page 4, line 41 | skipping to change at page 4, line 41 | |||
be expected to implement the RADIUS authentication client MIB, while | be expected to implement the RADIUS authentication client MIB, while | |||
RADIUS authentication servers implement the server function, and thus | RADIUS authentication servers implement the server function, and thus | |||
would be expected to implement the RADIUS authentication server MIB. | would be expected to implement the RADIUS authentication server MIB. | |||
However, it is possible for a RADIUS authentication entity to perform | However, it is possible for a RADIUS authentication entity to perform | |||
both client and server functions. For example, a RADIUS proxy may | both client and server functions. For example, a RADIUS proxy may | |||
act as a server to one or more RADIUS authentication clients, while | act as a server to one or more RADIUS authentication clients, while | |||
simultaneously acting as an authentication client to one or more | simultaneously acting as an authentication client to one or more | |||
authentication servers. In such situations, it is expected that | authentication servers. In such situations, it is expected that | |||
RADIUS entities combining client and server functionality will | RADIUS entities combining client and server functionality will | |||
support both the client and server MIBs. | support both the client and server MIBs. The server MIB is defined | |||
in this document, and the client MIB is defined in [2618bis]. | ||||
RFC Editor: Replace the above I-D reference with the assigned RFC | ||||
number at the time of publication and delete this note. | ||||
This MIB module contains fourteen scalars as well as a single table, | This MIB module contains fourteen scalars as well as a single table, | |||
the RADIUS Authentication Client Table, which contains one row for | the RADIUS Authentication Client Table, which contains one row for | |||
each RADIUS authentication client with which the server shares a | each RADIUS authentication client with which the server shares a | |||
secret. Each entry in the RADIUS Authentication Client Table | secret. Each entry in the RADIUS Authentication Client Table | |||
includes thirteen columns presenting a view of the activity of the | includes thirteen columns presenting a view of the activity of the | |||
RADIUS authentication server. | RADIUS authentication server. | |||
6. Deprecated Objects | 6. Deprecated Objects | |||
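Review bot: The RFC Editor note added after the new [2618bis] sentence only asks for "the above I-D reference" to be replaced, but the same draft is also named by filename in the new [2618bis] entry under Informative References. Word the note so that it covers both the in-text citation and the reference-list entry, otherwise the draft name can survive in the published reference list.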
skipping to change at page 22, line 19 | skipping to change at page 22, line 19 | |||
9. Security Considerations | 9. Security Considerations | |||
There are a number of management objects defined in this MIB that | There are a number of management objects defined in this MIB that | |||
have a MAX-ACCESS clause of read-write and/or read-create. Such | have a MAX-ACCESS clause of read-write and/or read-create. Such | |||
objects may be considered sensitive or vulnerable in some network | objects may be considered sensitive or vulnerable in some network | |||
environments. The support for SET operations in a non-secure | environments. The support for SET operations in a non-secure | |||
environment without proper protection can have a negative effect on | environment without proper protection can have a negative effect on | |||
network operations. These are: | network operations. These are: | |||
radiusAuthServConfigReset This object cab be used to reinitialize the | radiusAuthServConfigReset This object can be used to reinitialize the | |||
persistent state of any server. When set to reset(2), any | persistent state of any server. When set to reset(2), any | |||
persistent server state (such as a process) is reinitialized as if | persistent server state (such as a process) is reinitialized as if | |||
the server had just been started. Depending on the server | the server had just been started. Depending on the server | |||
impelmentation details, this action may ot may not interrupt the | impelmentation details, this action may ot may not interrupt the | |||
processing of pending request in the server. Abuse of this object | processing of pending request in the server. Abuse of this object | |||
may lead to a Denial of Service attack on the server. | may lead to a Denial of Service attack on the server. | |||
There are a number of managed objects in this MIB that may contain | There are a number of managed objects in this MIB that may contain | |||
sensitive information. These are: | sensitive information. These are: | |||
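Review bot: In the radiusAuthServConfigReset paragraph, -04 corrects "cab" to "can" but leaves "impelmentation", "may ot may not" and "pending request" on the following lines; these should read "implementation", "may or may not" and "pending requests". The lead-in "These are:" also introduces only one object in the text shown. Since this is the paragraph that names the object whose abuse "may lead to a Denial of Service attack on the server", it is worth getting the wording clean in the same pass.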
skipping to change at page 23, line 41 | skipping to change at page 23, line 41 | |||
STD 58, RFC 2579, April 1999. | STD 58, RFC 2579, April 1999. | |||
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | |||
"Conformance Statements for SMIv2", STD 58, RFC 2580, | "Conformance Statements for SMIv2", STD 58, RFC 2580, | |||
April 1999. | April 1999. | |||
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, | |||
"Remote Authentication Dial In User Service (RADIUS)", | "Remote Authentication Dial In User Service (RADIUS)", | |||
RFC 2865, June 2000. | RFC 2865, June 2000. | |||
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. | ||||
Schoenwaelder, "Textual Conventions for Internet Network | ||||
Addresses", RFC 4001, February 2005. | ||||
10.2. Informative References | 10.2. Informative References | |||
[2618bis] Nelson, D., "RADIUS Authentication Client MIB for IPv6", | ||||
draft-ietf-radext-rfc2618bis-04.txt (work in progress), | ||||
June 2006. | ||||
[RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB", | [RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB", | |||
RFC 2619, June 1999. | RFC 2619, June 1999. | |||
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | |||
"Introduction and Applicability Statements for Internet- | "Introduction and Applicability Statements for Internet- | |||
Standard Management Framework", RFC 3410, December 2002. | Standard Management Framework", RFC 3410, December 2002. | |||
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. | ||||
Schoenwaelder, "Textual Conventions for Internet Network | ||||
Addresses", RFC 4001, February 2005. | ||||
Appendix A. Acknowledgments | Appendix A. Acknowledgments | |||
The authors of the original MIB are Bernard Aboba and Glen Zorn. | The authors of the original MIB are Bernard Aboba and Glen Zorn. | |||
Many thanks to all reviewers, especially to David Harrington, Dan | Many thanks to all reviewers, especially to David Harrington, Dan | |||
Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen. | Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen. | |||
Author's Address | Author's Address | |||
David B. Nelson | David B. Nelson | |||
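Review bot: [RFC4001] is promoted from Informative to Normative References here, but none of the changed text shown cites it. Check that the section defining the table with version-neutral IP address formats carries an [RFC4001] citation, so that the normative entry is backed by a use in the body.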
End of changes. 9 change blocks. | ||||
12 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |