--- 1/draft-ietf-radext-rfc2619bis-03.txt 2006-06-29 22:13:55.000000000 +0200 +++ 2/draft-ietf-radext-rfc2619bis-04.txt 2006-06-29 22:13:55.000000000 +0200 @@ -1,18 +1,18 @@ Network Working Group D. Nelson Internet-Draft Enterasys Networks -Obsoletes: RFC 2619 (if approved) May 12, 2006 -Expires: November 13, 2006 +Obsoletes: RFC 2619 (if approved) June 26, 2006 +Expires: December 28, 2006 - RADIUS Auth Server MIB (IPv6) - draft-ietf-radext-rfc2619bis-03.txt + RADIUS Authentication Server MIB for IPv6 + draft-ietf-radext-rfc2619bis-04.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that 
@@ -23,29 +23,29 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on November 13, 2006. + This Internet-Draft will expire on December 28, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract - This memo defines a set of extensions which instrument RADIUS + This memo defines a set of extensions, which instrument RADIUS authentication server functions. These extensions represent a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. Using these extensions IP-based management stations can manage RADIUS authentication servers. This memo obsoletes RFC 2619 by deprecating the MIB table containing IPv4-only address formats and defining a new table to add support for version neutral IP address formats. The remaining MIB objects from RFC 2619 are carried forward into this document. This memo also adds 
@@ -144,21 +144,25 @@ be expected to implement the RADIUS authentication client MIB, while RADIUS authentication servers implement the server function, and thus would be expected to implement the RADIUS authentication server MIB. However, it is possible for a RADIUS authentication entity to perform both client and server functions. For example, a RADIUS proxy may act as a server to one or more RADIUS authentication clients, while simultaneously acting as an authentication client to one or more authentication servers. In such situations, it is expected that RADIUS entities combining client and server functionality will - support both the client and server MIBs. + support both the client and server MIBs. The server MIB is defined + in this document, and the client MIB is defined in [2618bis]. + + RFC Editor: Replace the above I-D reference with the assigned RFC + number at the time of publication and delete this note. This MIB module contains fourteen scalars as well as a single table, the RADIUS Authentication Client Table, which contains one row for each RADIUS authentication client with which the server shares a secret. Each entry in the RADIUS Authentication Client Table includes thirteen columns presenting a view of the activity of the RADIUS authentication server. 6. Deprecated Objects 
@@ -971,21 +972,21 @@ 9. Security Considerations There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are: - radiusAuthServConfigReset This object cab be used to reinitialize the + radiusAuthServConfigReset This object can be used to reinitialize the persistent state of any server. When set to reset(2), any persistent server state (such as a process) is reinitialized as if the server had just been started. Depending on the server impelmentation details, this action may ot may not interrupt the processing of pending request in the server. Abuse of this object may lead to a Denial of Service attack on the server. There are a number of managed objects in this MIB that may contain sensitive information. These are: 
@@ -1038,33 +1039,37 @@ STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. + [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. + Schoenwaelder, "Textual Conventions for Internet Network + Addresses", RFC 4001, February 2005. + 10.2. Informative References + [2618bis] Nelson, D., "RADIUS Authentication Client MIB for IPv6", + draft-ietf-radext-rfc2618bis-04.txt (work in progress), + June 2006. + [RFC2619] Zorn, G. and B. Aboba, "RADIUS Authentication Server MIB", RFC 2619, June 1999. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. - [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. - Schoenwaelder, "Textual Conventions for Internet Network - Addresses", RFC 4001, February 2005. - Appendix A. Acknowledgments The authors of the original MIB are Bernard Aboba and Glen Zorn. Many thanks to all reviewers, especially to David Harrington, Dan Romascanu, C.M. Heard, Bruno Pape, Greg Weber and Bert Wijnen. Author's Address David B. Nelson
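Review bot: In the first hunk (@@ -1,18 +1,18 @@), the new title "RADIUS Authentication Server MIB for IPv6" reads narrower than what the abstract describes, which is a new table adding "support for version neutral IP address formats". Consider a title that does not imply the module is IPv6-only, or add a sentence in the abstract that reconciles the two.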
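Review bot: In the abstract hunk (@@ -23,29 +23,29 @@), the added comma in "a set of extensions, which instrument RADIUS authentication server functions" turns a restrictive clause into a non-restrictive one. The clause defines which extensions are meant, so either keep the -03 wording or write "extensions that instrument". The comma is needed two sentences later instead, in the unchanged line "Using these extensions IP-based management stations can manage", after "extensions".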
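Review bot: In the section 5 hunk (@@ -144,21 +144,25 @@), the RFC Editor note covers only "the above I-D reference", that is, the in-text citation [2618bis]. The matching entry added under 10.2 names draft-ietf-radext-rfc2618bis-04.txt and "work in progress" and needs the same replacement at publication. Suggest wording the note so it covers both the citation and the reference entry, or repeating it next to the entry.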
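Review bot: In the Security Considerations hunk (@@ -971,21 +972,21 @@), the radiusAuthServConfigReset paragraph gets "cab" corrected to "can" but the unchanged lines just below still carry "impelmentation", "may ot may not" and the singular "pending request". Since this paragraph is the one that describes the Denial of Service exposure of a read-write object, fix these in the same revision: "implementation", "may or may not", "pending requests".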