Hi,
Stefan This limits the scope of the error conditions to cases where
Stefan TEAP has all in its own hands - which I believe is limited
Stefan to the Optional Password Authentication of chapter 3.3.2.
DIsagreed.
AAA servers don't signal all of these up, but AAA servers often signal a
number of these.
For example in Freeradius I could actually figure out a number of these
even across an inner tunnel and could easily expand the server to do
better than that.
However if you have nothing else then you are left with inner method
error.
Yes, it occured to me afer sending that my mind model was maybe a bit
too strict: there is no /protocol/ way for things to transpire from
inner to outer; but there may be be other means (like shared memory in
the server process) *if* inner and outer terminate at the same server.
If the inner method is proxied elsewhere, then we're out of luck in
terms of getting specific error conditions from the inner method;
proper protocol-based signaling would then be required but doesn't exist.
I guess it comes down to wordsmithing to express this correctly; like
will work for TEAP's simple password auth, and *may* work for inner
EAP, if inner and outer termination point are co-located, or otherwise
have an unspecified out-of-band protocol of their own for signalling
error conditions between inner and outer termination point.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
