SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: PAK: an alternative to SRP and DH-CHAP




    It will also not work on the (mostly) legacy IP-over-pigeon networks.

    Julo


    Bill Strahm <bill@strahm.net>
    Sent by: owner-ips@ece.cmu.edu

    05/03/2002 08:39 PM
    Please respond to Bill Strahm

           
            To:        Bernard Aboba <bernard_aboba@hotmail.com>
            cc:        bill@strahm.net, philmac@research.bell-labs.com, ips@ece.cmu.edu
            Subject:        Re: iSCSI: PAK: an alternative to SRP and DH-CHAP

           


    I'd almost buy this argument, except that means that my custommers will
    have to upgrade their environments to an updated Radius server.  Putting
    deployment requirements like this on custommers is not an easy thing...

    I have been told that many Radius environments in organizations are rather
    old and not prone to upgrading (to do it you have to shut down authentication
    for a period of time).  That is why I refer to a legacy environment, it
    is really easy if I can just say, Please use our Radius server in place
    of the one that you are all ready running...  Now would you want to base
    sales on that ?  

    Bill
    On Fri, May 03, 2002 at 10:06:30AM -0700, Bernard Aboba wrote:
    > >From my understaning of PAK, I don't see a way of plugging this into
    > >a legacy RADIUS environment (I don't have the password avail at the
    > >iSCSI endpoint, only the ability to say please authenticate this for >me)
    >
    > The  RADIUS argument is a red herring. RFC 2869 defines the use of
    > extensible authentication within RADIUS, and most RADIUS servers (including
    > versions of FreeRADIUS) now support this. So the bottom line is the iSCSI
    > should choose the authentication algorithms most appropriate to its needs
    > and not worry about RADIUS compatibility.
    >
    >
    > _________________________________________________________________
    > Chat with friends online, try MSN Messenger: http://messenger.msn.com
    >




Home

Last updated: Fri May 03 14:18:27 2002
9960 messages in chronological order