Re: iSCSI: PAK: an alternative to SRP and DH-CHAP

To: bill@strahm.net, philmac@research.bell-labs.com
Subject: Re: iSCSI: PAK: an alternative to SRP and DH-CHAP
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Fri, 03 May 2002 10:06:30 -0700
Cc: ips@ece.cmu.edu
Content-Type: text/plain; format=flowed
Sender: owner-ips@ece.cmu.edu

>From my understaning of PAK, I don't see a way of plugging this into
>a legacy RADIUS environment (I don't have the password avail at the
>iSCSI endpoint, only the ability to say please authenticate this for >me)

The  RADIUS argument is a red herring. RFC 2869 defines the use of 
extensible authentication within RADIUS, and most RADIUS servers (including 
versions of FreeRADIUS) now support this. So the bottom line is the iSCSI 
should choose the authentication algorithms most appropriate to its needs 
and not worry about RADIUS compatibility.


_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

Follow-Ups:
- Re: iSCSI: PAK: an alternative to SRP and DH-CHAP
  - From: Bill Strahm <bill@strahm.net>

Prev by Date: remove
Next by Date: Re: iSCSI - re-phrase of 4.1
Prev by thread: Re: iSCSI: PAK: an alternative to SRP and DH-CHAP
Next by thread: Re: iSCSI: PAK: an alternative to SRP and DH-CHAP
Index(es):
- Date
- Thread

Home

Last updated: Fri May 03 14:18:27 2002
9960 messages in chronological order