RE: iSCSI User Auth MIB - security issue

To: Black_David@emc.com
Subject: RE: iSCSI User Auth MIB - security issue
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Thu, 26 Jun 2003 04:25:48 -0700
Cc: ips@ece.cmu.edu
Content-Type: text/plain; format=flowed
Delivered-To: ips@ece.cmu.edu
Sender: owner-ips@ece.cmu.edu

>So, in the RADIUS case, the MIB as-is functions only to do
>authorization (i.e., which identities using what authentication
>methods have access to which targets) in combination with the main
>iSCSI MIB.

The RADIUS access decision involves not only checking the credentials, but 
also validating the authorizations as well. So it seems that the 
authorizations  also potentially reside on the RADIUS server.

I think this means that there needs to be a statement about which 
authorizations take precedence.

In some cases there can be a mix of local and remote authentication -- a 
target can have local users and authentication methods and if the identity 
or authentication method is not one of those, then the authentication is 
remoted.  I think this implies that RADIUS will take precedence for 
authorization of a remote user, but that local authorizations are used for 
local users.

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Prev by Date: RE: Additional FC MIBs proposed
Next by Date: RE: Additional FC MIBs proposed
Prev by thread: RE: iSCSI User Auth MIB - security issue
Next by thread: StatSN and Reject PDUs
Index(es):
- Date
- Thread

Home

Last updated: Thu Jun 26 12:19:23 2003
12677 messages in chronological order