#20: Method Meta-Data

> Section 4.5.3
>
> " The password authentication exchange MUST support additional
> associated meta-data which can be used to indicate whether the
> authentication is for a user or a machine. This allows the EAP
> server and peer to request and negotiate authentication specifically
> for a user or machine. This is useful in the case of multiple inner
> authentications where the user and machine both need to be
> authenticated.
> "
> Why is it necessary to support meta-data to indicate whether
> authentication is for a user or machine? Few authentication
> protocols support this today and don't seem to miss it. For
> example, does Kerberos or PKI distinguish explicitly between
> user and machine credentials?
>

and

> Section 4.6.5
>
> " The tunnel method MUST allow for the communication of additional data
> associated with an EAP method. This can be used to indicate whether
> the authentication is for a user or a machine. This allows the EAP
> server and peer to request and negotiate authentication specifically
> for a user or machine. This is useful in the case of multiple inner
> EAP authentications where the user and machine both need to be
> authenticated.
> "
> Again, why is meta-data necessary? Can't the basic need for
> machine + user auth be met without this?
>

--
Ticket URL: <http://wiki.tools.ietf.org/wg/emu/trac/ticket/20>
emu <http://tools.ietf.org/wg/emu/>
