Browse Prior Art Database

RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP) (RFC3579)

IP.com Disclosure Number: IPCOM000019163D
Original Publication Date: 2003-Sep-01
Included in the Prior Art Database: 2003-Sep-03

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Aboba: AUTHOR [+2]

Abstract

This document defines Remote Authentication Dial In User Service (RADIUS) support for the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication mechanisms. In the proposed scheme, the Network Access Server (NAS) forwards EAP packets to and from the RADIUS server, encapsulated within EAP-Message attributes. This has the advantage of allowing the NAS to support any EAP authentication method, without the need for method-specific code, which resides on the RADIUS server. While EAP was originally developed for use with PPP, it is now also in use with IEEE 802.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group B. Aboba

Request for Comments: 3579 Microsoft

Updates: 2869 P. Calhoun

Category: Informational Airespace

September 2003

RADIUS (Remote Authentication Dial In User Service)

Support For Extensible Authentication Protocol (EAP)

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document defines Remote Authentication Dial In User Service

(RADIUS) support for the Extensible Authentication Protocol (EAP), an

authentication framework which supports multiple authentication

mechanisms. In the proposed scheme, the Network Access Server (NAS)

forwards EAP packets to and from the RADIUS server, encapsulated

within EAP-Message attributes. This has the advantage of allowing

the NAS to support any EAP authentication method, without the need

for method-specific code, which resides on the RADIUS server. While

EAP was originally developed for use with PPP, it is now also in use

with IEEE 802.

This document updates RFC 2869.

Aboba & Calhoun Informational [Page 1]

RFC 3579 RADIUS & EAP September 2003

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2

1.1. Specification of Requirements. . . . . . . . . . . . . . 3

1.2. Terminology. . . . . . . . . . . . . . . . . . . . . . . 3

2. RADIUS Support for EAP . . . . . . . . . . . . . . . . . . . . 4

2.1. Protocol Overview. . . . . . . . . . . . . . . . . . . . 5

2.2. Invalid Packets. . . . . . . . . . . . . . . . . . . . . 9

2.3. Retransmission . . . . . . . . . . . . . . . . . . . . . 10

2.4. Fragmentation. . . . . . . . . . . . . . . . . . . . . . 10

2.5. Alternative uses . . . . . . . . . . . . . . . . . . . . 11

2.6. Usage Guidelines . . . . . . . . . . . . . . . . . . . . 11

3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.1. EAP-Message. . . . . . . . . . . . . . . . . . . . . . . 15

3.2. Message-Authenticator. . . . . . . . . . . . . . . . . . 16

3.3. Table of Attributes. . . . . . . . . . . . . . . . . . . 18

4. Security Considerations. . . . . . . . . . . . . . . . . . . . 19

4.1. Security Requirements. . . . . . . . . . . . . . . . . . 19

4.2. Security Protocol. . . . . . . . . . . . . . . . . . . . 20

4.3. Security Issues. . . . . . . . . . . . . . . . . . . . . 22

5. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 30

6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30

6.1. Normative References . . . . . . . . . . . . . . . . . . 30

6.2. Informative References . . . . . . . . . . . . . . . . . 32

Appendix A - Examples. . . . . . . . . . . . . . . . . . . . . . . 34

Appendix B - Change Log. . . . . . . . . . . . . . . . . . . . . . 43

Intellectual Property Statement. . . . . . . . . . . . . . . . . . 44

Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 44

Authors' Addres...