On Fri, Nov 14, 2008 at 1:41 AM, <[EMAIL PROTECTED]> wrote:
> b. The authorizations are changed as a result of a successful
> re-authentication. In this case, the Service Unavailable (15)
> termination cause is used. For accounting purposes, the portion
> of the session after the authorization change is treated as a
> separate session.
>
> It would be quite reasonable to interpret change of user credentials as
> change of authorization.

It may look like that in some cases, but I do not think that this would be a generic solution. NAS does not simply have enough information to figure out when "authorization" changes (whatever that exactly means).

One example of a changing public (i.e., visible to NAS) user identity is in EAP-SIM and EAP-AKA which support identity privacy and fast re-authentication using a temporary identity that is sent in EAP-Response/Identity. If IEEE 802.1X Authenticator triggers reauthentication during the same 802.11 association, the User-Name attribute will change even though the real credentials (SIM/USIM) remain the same. NAS has no way of knowing this; only AS and Supplicant know how to map the temporary identity to the permanent identity for the same credential.

- Jouni
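
An added illustration of the point made in the reply above (not code from the post or from FreeRADIUS): a toy AS hands out opaque temporary identities, and the only check a NAS can make, comparing User-Name strings, is run next to the AS's own mapping. The class and function names, the realm and the identities are constructed for this example, and the first authentication is assumed to use the permanent identity.

```python
import secrets

REALM = "example.org"  # constructed realm


class AuthServer:
    """Toy AS: issues temporary identities and keeps the mapping private."""

    def __init__(self):
        self._temp_to_perm = {}

    def issue_temp_identity(self, permanent_id):
        # Opaque random value: nothing in it lets a NAS derive the permanent id.
        temp = f"{secrets.token_hex(8)}@{REALM}"
        self._temp_to_perm[temp] = permanent_id
        return temp

    def resolve(self, user_name):
        # A name with no mapping is treated as a permanent identity.
        return self._temp_to_perm.get(user_name, user_name)


def nas_sees_change(prev_user_name, cur_user_name):
    """All a NAS can do: compare the User-Name strings it was shown."""
    return prev_user_name != cur_user_name


def as_sees_change(server, prev_user_name, cur_user_name):
    """The AS compares the permanent identities behind the two names."""
    return server.resolve(prev_user_name) != server.resolve(cur_user_name)


def simulate():
    server = AuthServer()
    sim_a = f"constructed-sim-a@{REALM}"  # constructed permanent identities
    sim_b = f"constructed-sim-b@{REALM}"
    first = sim_a                               # full authentication
    reauth = server.issue_temp_identity(sim_a)  # re-auth, same SIM
    other = server.issue_temp_identity(sim_b)   # re-auth, different SIM
    # Each result is (NAS verdict, AS verdict) for "did the credential change?"
    return {
        "same_credential": (nas_sees_change(first, reauth),
                            as_sees_change(server, first, reauth)),
        "new_credential": (nas_sees_change(reauth, other),
                           as_sees_change(server, reauth, other)),
    }


if __name__ == "__main__":
    print(simulate())
```

The NAS verdict is identical in both cases, so a User-Name comparison on the NAS cannot tell a fast re-authentication with the same SIM from a real change of credential.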