|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSCSI User Auth MIB - security issue>So, in the RADIUS case, the MIB as-is functions only to do >authorization (i.e., which identities using what authentication >methods have access to which targets) in combination with the main >iSCSI MIB. The RADIUS access decision involves not only checking the credentials, but also validating the authorizations as well. So it seems that the authorizations also potentially reside on the RADIUS server. I think this means that there needs to be a statement about which authorizations take precedence. In some cases there can be a mix of local and remote authentication -- a target can have local users and authentication methods and if the identity or authentication method is not one of those, then the authentication is remoted. I think this implies that RADIUS will take precedence for authorization of a remote user, but that local authorizations are used for local users. _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Home Last updated: Thu Jun 26 12:19:23 2003 12677 messages in chronological order |