DIEGO LOPEZ GARCIA wrote:
> From the RADIUS protocol point of view I see two possible options: making the 
> server to send successive Access-Challenge responses with the corresponding 
> SAML messages, or defining a new RADIUS packet type. The first option has the 
> advantage of being easier to implement, though it implies stretching 
> (probably too much) the semantics of the challenge loops.

  It involves some serious changes to RADIUS servers and clients.

  For this to work at *all*, it would have to be done via
Access-Challenge.  These will pass through intermediate proxies.  Any
new RADIUS packet code will be dropped by nearly everyone.

> There is of course a lot to elaborate to make this a viable solution and I 
> can volunteer to start writing something more detailed if the group thinks 
> this idea makes any sense.

  You'll have to pass it by radext.  That review traditionally takes a
while.

  An alternative that's been discussed has been to relax the 4K packet
size limit for RADIUS over TCP.  TCP doesn't have fragmentation issues
like UDP, which makes it easier to increase the packet size.

  Another alternative is to stop using RADIUS for bulk data transfer. :)
 Instead, put the data somewhere..., and have the client somehow... get
it via another protocol.

  Alan DeKok.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
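As an added illustration (my own sketch, not code from this thread or from any RADIUS implementation) of what the first option in the quoted message amounts to in practice: a SAML message larger than the 4096-octet RADIUS packet limit is split across successive Access-Challenge packets that all carry the same State attribute, and the client reassembles it. The attribute type used for the fragments and the zeroed Response Authenticator are assumptions made only for this example.

```python
import struct

# Constants from RFC 2865 (real values)
ACCESS_CHALLENGE = 11
ATTR_STATE = 24
MAX_PACKET = 4096      # maximum RADIUS packet length, the 4K limit discussed above
MAX_ATTR_VALUE = 253   # 255-octet attribute minus the 2-octet type/length header
HEADER_LEN = 20        # Code, Identifier, Length, Authenticator
# Hypothetical attribute type to carry a SAML fragment; chosen only for this example
ATTR_SAML_FRAGMENT = 250


def encode_attr(attr_type, value):
    # Standard RADIUS TLV: type, total length (header included), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_challenges(saml_message, state):
    """Server side: emit as many Access-Challenge packets as the 4K limit requires."""
    state_attr = encode_attr(ATTR_STATE, state)
    budget = MAX_PACKET - HEADER_LEN - len(state_attr)   # room left for fragments
    per_packet = (budget // (MAX_ATTR_VALUE + 2)) * MAX_ATTR_VALUE
    packets = []
    for ident, offset in enumerate(range(0, len(saml_message), per_packet)):
        chunk = saml_message[offset:offset + per_packet]
        attrs = state_attr + b"".join(
            encode_attr(ATTR_SAML_FRAGMENT, chunk[i:i + MAX_ATTR_VALUE])
            for i in range(0, len(chunk), MAX_ATTR_VALUE))
        # Zeroed Response Authenticator: a real server computes it over the shared secret
        header = struct.pack("!BBH", ACCESS_CHALLENGE, ident & 0xFF, HEADER_LEN + len(attrs))
        packets.append(header + bytes(16) + attrs)
    return packets


def reassemble(packets):
    """Client side: concatenate fragments, requiring every round to share one State."""
    states, out = set(), bytearray()
    for pkt in packets:
        code, _ident, length = struct.unpack("!BBH", pkt[:4])
        if code != ACCESS_CHALLENGE or length != len(pkt) or length > MAX_PACKET:
            raise ValueError("malformed or oversized Access-Challenge")
        pos = HEADER_LEN
        while pos < length:
            attr_type, attr_len = pkt[pos], pkt[pos + 1]
            value = pkt[pos + 2:pos + attr_len]
            if attr_type == ATTR_STATE:
                states.add(value)
            elif attr_type == ATTR_SAML_FRAGMENT:
                out += value
            pos += attr_len
    if len(states) != 1:
        raise ValueError("fragments do not belong to a single challenge loop")
    return bytes(out)
```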
