|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: PAK: an alternative to SRP and DH-CHAPI'd almost buy this argument, except that means that my custommers will have to upgrade their environments to an updated Radius server. Putting deployment requirements like this on custommers is not an easy thing... I have been told that many Radius environments in organizations are rather old and not prone to upgrading (to do it you have to shut down authentication for a period of time). That is why I refer to a legacy environment, it is really easy if I can just say, Please use our Radius server in place of the one that you are all ready running... Now would you want to base sales on that ? Bill On Fri, May 03, 2002 at 10:06:30AM -0700, Bernard Aboba wrote: > >From my understaning of PAK, I don't see a way of plugging this into > >a legacy RADIUS environment (I don't have the password avail at the > >iSCSI endpoint, only the ability to say please authenticate this for >me) > > The RADIUS argument is a red herring. RFC 2869 defines the use of > extensible authentication within RADIUS, and most RADIUS servers (including > versions of FreeRADIUS) now support this. So the bottom line is the iSCSI > should choose the authentication algorithms most appropriate to its needs > and not worry about RADIUS compatibility. > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com >
Home Last updated: Fri May 03 14:18:27 2002 9960 messages in chronological order |