
    Auth method negotiation



    Hi
    
    In section 10.4 in Draft v13 it says
    "The AuthMethod selection is followed by an "authentication exchange" 
    specific to the authentication method selected. "
    Should the "is" be replaced by a "MUST" for any AuthMethod selection other 
    than "None"?
    
    As an example closely related to one in the Appendix.
    If the login begins as
    
    I- Login (CSG,NSG=0,1 T=1)
    InitiatorName=iqn.1999-07.com.os.hostid.77
    TargetName=iqn.1999-07.com.acme.diskarray.sn.88
    AuthMethod=KRB5,SRP,CHAP,None
    
    And the target chooses CHAP.
    One question that I have is whether choosing CHAP implies the statement in 
    section 4.3
    "Targets MUST NOT submit parameters that require an additional initiator 
    login request in a login response with the T bit set to 1."
    So if the target chooses CHAP, does it imply that it expects a CHAP_A 
    response and is not permitted to set the T bit to one even if the target is 
    not interested in authenticating the initiator?
    So is the following reply illegal?
    T- Login-PR (CSG,NSG=1,0 T=1)
    AuthMethod=CHAP
    
    If the above is not illegal, then if the initiator is also not interested 
    in authenticating the target, can the initiator transition to the next stage?
    
    I realize that the above problem might only be a syntactic one as the 
    proper ordering of Auth Methods in the requests sent by the initiator not 
    interested in Authentication would be for None to precede other options and 
    the target will then choose None if it is also not interested in 
    authentication either.
    
    Thanks
    Chirag Wighe
    Software Development Engineer
    Wind River Systems
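
The ordering point in the last paragraph of the message above, as an added example that is not part of the original post: it parses the login request text from the message and shows how the position of None in the AuthMethod list changes what gets selected. It assumes the target answers with the first offered value it supports; the function names and the target policies are hypothetical.

```python
# Added illustration; function names are hypothetical, not from the iSCSI draft.

def parse_login_text(text):
    """Parse the key=value lines of a login text segment into a dict."""
    pairs = {}
    for line in text.strip().splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {line!r}")
        pairs[key] = value
    return pairs

def select_auth_method(offered, target_supported):
    """Return the first offered method the target supports.

    Assumption: the list is in initiator preference order and the target
    answers with the first value it supports. Returns Python None (not the
    string "None") when there is no common method.
    """
    for method in offered.split(","):
        if method in target_supported:
            return method
    return None

# Login request text taken from the message above.
REQUEST = """
InitiatorName=iqn.1999-07.com.os.hostid.77
TargetName=iqn.1999-07.com.acme.diskarray.sn.88
AuthMethod=KRB5,SRP,CHAP,None
"""

def demo():
    offered = parse_login_text(REQUEST)["AuthMethod"]
    reordered = "None,KRB5,SRP,CHAP"  # constructed: None moved to the front
    # Constructed target policies: one allows CHAP or None, one requires CHAP.
    return {
        "as sent, target allows CHAP/None": select_auth_method(offered, {"CHAP", "None"}),
        "None first, target allows CHAP/None": select_auth_method(reordered, {"CHAP", "None"}),
        "None first, target requires CHAP": select_auth_method(reordered, {"CHAP"}),
    }

if __name__ == "__main__":
    for case, chosen in demo().items():
        print(f"{case}: AuthMethod={chosen}")
```

With None listed first, authentication is skipped only when the target's own policy also permits None; a target that does not list None still selects CHAP.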
    
    
    
    
    
    
    
    


Last updated: Fri Jun 21 17:18:44 2002