|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI: PAK: an alternative to SRP and DH-CHAPBill- I agree with you on this one; my sales people tell me the same thing. It's very important that iSCSI works with existing infrastructure that's deployed, which is rarely the same thing as existing technology that could be deployed. -- Mark Bill Strahm wrote: > > I'd almost buy this argument, except that means that my custommers will > have to upgrade their environments to an updated Radius server. Putting > deployment requirements like this on custommers is not an easy thing... > > I have been told that many Radius environments in organizations are rather > old and not prone to upgrading (to do it you have to shut down authentication > for a period of time). That is why I refer to a legacy environment, it > is really easy if I can just say, Please use our Radius server in place > of the one that you are all ready running... Now would you want to base > sales on that ? > > Bill > On Fri, May 03, 2002 at 10:06:30AM -0700, Bernard Aboba wrote: > > >From my understaning of PAK, I don't see a way of plugging this into > > >a legacy RADIUS environment (I don't have the password avail at the > > >iSCSI endpoint, only the ability to say please authenticate this for >me) > > > > The RADIUS argument is a red herring. RFC 2869 defines the use of > > extensible authentication within RADIUS, and most RADIUS servers (including > > versions of FreeRADIUS) now support this. So the bottom line is the iSCSI > > should choose the authentication algorithms most appropriate to its needs > > and not worry about RADIUS compatibility. > > > > > > _________________________________________________________________ > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > -- Mark A. Bakke Cisco Systems mbakke@cisco.com 763.398.1054
Home Last updated: Fri May 03 14:18:27 2002 9960 messages in chronological order |