Hi Sam:

On 16/03/2012, at 15:51, Sam Hartman wrote:

>>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes:
>
>    Rafa> Personally, I would send a GSS token with the EAP Success and
>    Rafa> the error code Authorization failed to the initiator. This
>    Rafa> would allow the initiator to know that authentication was ok
>    Rafa> but authorization failed. Thus, the initiator does not get
>    Rafa> confused at all about what happened.
>
> I'd just send the error.
> EAP success doesn't actually allow you to know much of anything because
> it's not integrity-protected from the EAP server.

It is just a matter of being coherent with each part. If the EAP authentication is successful, why not state so?

> You need to send it in success cases so the state machines are in sync.

Precisely because of that, I believe EAP success should reach the EAP peer state machine. If the authentication is successful, the EAP success should reach the EAP state machine to move it to the final state. And if the authorization is not, the error code Authorization fail is sent in the GSS-EAP.

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: [email protected]
-------------------------------------------------------

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
