SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI User Auth MIB - security issue



    >So, in the RADIUS case, the MIB as-is functions only to do
    >authorization (i.e., which identities using what authentication
    >methods have access to which targets) in combination with the main
    >iSCSI MIB.
    
    The RADIUS access decision involves not only checking the credentials, but 
    also validating the authorizations as well. So it seems that the 
    authorizations  also potentially reside on the RADIUS server.
    
    I think this means that there needs to be a statement about which 
    authorizations take precedence.
    
    In some cases there can be a mix of local and remote authentication -- a 
    target can have local users and authentication methods and if the identity 
    or authentication method is not one of those, then the authentication is 
    remoted.  I think this implies that RADIUS will take precedence for 
    authorization of a remote user, but that local authorizations are used for 
    local users.
    
    _________________________________________________________________
    The new MSN 8: advanced junk mail protection and 2 months FREE*  
    http://join.msn.com/?page=features/junkmail
    
    


Home

Last updated: Thu Jun 26 12:19:23 2003
12677 messages in chronological order