https://ja.wikipedia.org/wiki/RADIUS
「このページは著作権侵害のおそれが指摘されており、事実関係の調査が依頼されています。」
転載元はよく知らない。 IETFのRFC(request for commnet)だけからの理解をするために、まずRFCを読む
読む目的によって、全部読むか、全部に加えてそれぞれのRFCで参照しているRFCも全部読むか、現在有効な文書だけ読むか、現在重要な文書だけ読むかの4種類を想定
重要な文書だけ読む
RADIUSの著名な書籍を読み、その参考文献、引用しているRFCだけ読む。
この方法だと、今回の目的のうち、RFCだけから理解するという作業にならなくなってしまう。
現在有効な文書だけ読む
下記検索結果からObsolatedとなっているもの以外を読む。
ここから始める。
まず、表題にRADIUSの文字があるものだけ最初に読む(1)。
RFC editor search
https://www.rfc-editor.org/search/rfc_search.php
読んだものからURLをつける。
少し作業を進めてみると、
RFC2865,2866, 2867, 2868, 2869の5文書が中核文書だと思ってもいいかもしれない。
もし、構造が変わるのであれば、前の文書をObsolateして、新しい文書番号をつけるはずだから。
(どんどん新しい文書にしていくものと、古い文書を大切にしてUpdateするものもあるかもしれず、かならずしも新番号がつかなければ中核とは限らないかもしれない。)
Radius RFCを全部読む
RFC Editor Searchで、Rasiusで検索した結果が下記。
他の通信規約の場合に、略称が全く出てこない文章もあったような気がする。
全部読む過程で、関連文書、変更文書などが、この一覧にないかを確認する。
Radius RFCで参照しているRFCも読む
ReferenceのRFCを理解していないと、本質的な事項がわからないかもしれない。
例えば、
[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.
はTCPと共存する通信規約で重要である。TCPの上で動くか、UDPの上で動くかで、上の規約の特徴が生きるかどうかがかかっている本質的な参照と、部分的な調整上で参照しているRFCでは必読度が違うかもしれない。
今回は、参照通信規約の重み付けは行なっていない。(重要度を評価するほど理解していない)
参考資料(reference)
RADIUSプロトコル概要
https://qiita.com/noppe78/items/2fb87f45200ad09195ec
シングル構成のRADIUSサーバを、HA環境に移行した時のメモ
https://qiita.com/nagase/items/8316e02f16acf4567326
SoftEther + (Radius + Google-Authenticator) でMFA認証VPN
https://qiita.com/m0559reen/items/87d86968f5cc36fbff1c
OneLoginのRADIUSを使ってAWS WorkSpacesのMFAを実現したときに詰まったところ
https://qiita.com/14kw/items/f2b7790a57b06e292810
Cisco WLC と FreeRADIUS を利用した EAP-TLS認証
https://qiita.com/haruca_tech/items/a9cf4a9168f325e65513
FreeRADIUS
https://qiita.com/eiuemura/items/3dcad222a9a295359b10
EC2上にRADIUSサーバを構築する手順
https://qiita.com/tokino/items/e9e17ec6f253e86bff4e
一覧(list)
Number
Title
Authors
Date
More Info
Status
2058
Remote Authentication Dial In User Service (RADIUS)
C. Rigney, A. Rubens, W. Simpson, S. Willens
January 1997
Obsoleted by RFC 2138
P.S.
2059
RADIUS Accounting
C. Rigney
January 1997
Obsoleted by RFC 2139
Inf.
2107
Ascend Tunnel Management Protocol - ATMP
K. Hamzeh
February 1997
Inf.
2138
Remote Authentication Dial In User Service (RADIUS)
C. Rigney, A. Rubens, W. Simpson, S. Willens
April 1997
Obsoletes RFC 2058, Obsoleted by RFC 2865
P.S.
2139
RADIUS Accounting
C. Rigney
April 1997
Obsoletes RFC 2059, Obsoleted by RFC 2866
Inf.
2548
Microsoft Vendor-specific RADIUS Attributes
G. Zorn
March 1999
Errata
Inf.
2607
Proxy Chaining and Policy Implementation in Roaming
B. Aboba, J. Vollbrecht
June 1999
Inf.
2618
RADIUS Authentication Client MIB
B. Aboba, G. Zorn
June 1999
Obsoleted by RFC 4668
P.S.
2619
RADIUS Authentication Server MIB
G. Zorn, B. Aboba
June 1999
Obsoleted by RFC 4669
P.S.
2620
RADIUS Accounting Client MIB
B. Aboba, G. Zorn
June 1999
Obsoleted by RFC 4670
Inf.
2621
RADIUS Accounting Server MIB
G. Zorn, B. Aboba
June 1999
Obsoleted by RFC 4671
Inf.
2809
Implementation of L2TP Compulsory Tunneling via RADIUS
B. Aboba, G. Zorn
April 2000
Inf.
2865
Remote Authentication Dial In User Service (RADIUS) https://www.rfc-editor.org/rfc/rfc2865.txt
C. Rigney, S. Willens, A. Rubens, W. Simpson
June 2000
Errata, Obsoletes RFC 2138, Updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044
D.S.
2866
RADIUS Accounting https://www.rfc-editor.org/rfc/rfc2866.txt
C. Rigney
June 2000
Errata, Obsoletes RFC 2139, Updated by RFC 2867, RFC 5080, RFC 5997
Inf.
2867
RADIUS Accounting Modifications for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2867.txt
G. Zorn, B. Aboba, D. Mitton
June 2000
Errata, Updates RFC 2866
Inf.
2868
RADIUS Attributes for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2868.txt
G. Zorn, D. Leifer, A. Rubens, J. Shriver, M. Holdrege, I. Goyret
June 2000
Errata, Updates RFC 2865, Updated by RFC 3575
Inf.
2869
RADIUS Extensions https://www.rfc-editor.org/rfc/rfc2869.txt
C. Rigney, W. Willats, P. Calhoun
June 2000
Updated by RFC 3579, RFC 5080
Inf.
2881
Network Access Server Requirements Next Generation (NASREQNG) NAS Model
D. Mitton, M. Beadles
July 2000
Inf.
2882
Network Access Servers Requirements: Extended RADIUS Practices
D. Mitton
July 2000
Inf.
3162
RADIUS and IPv6
B. Aboba, G. Zorn, D. Mitton
August 2001
Errata, Updated by RFC 8044
P.S.
3575
IANA Considerations for RADIUS (Remote Authentication Dial In User Service)
B. Aboba
July 2003
Errata, Updates RFC 2865, RFC 2868, Updated by RFC 6929
P.S.
3576
Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba
July 2003
Obsoleted by RFC 5176
Inf.
3579
RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)https://www.ietf.org/rfc/rfc3579.txt
B. Aboba, P. Calhoun
September 2003
Updates RFC 2869, Updated by RFC 5080
Inf.
3580
IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines
P. Congdon, B. Aboba, A. Smith, G. Zorn, J. Roese
September 2003
Errata, Updated by RFC 7268
Inf.
4005
Diameter Network Access Server Application
P. Calhoun, G. Zorn, D. Spence, D. Mitton
August 2005
Errata, Obsoleted by RFC 7155
P.S.
4014
Remote Authentication Dial-In User Service (RADIUS) Attributes Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Information Option
R. Droms, J. Schnizlein
February 2005
P.S.
4372
Chargeable User Identity
F. Adrangi, A. Lior, J. Korhonen, J. Loughney
January 2006
P.S.
4590
RADIUS Extension for Digest Authentication
B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck
July 2006
Errata, Obsoleted by RFC 5090
P.S.
4603
Additional Values for the NAS-Port-Type Attribute
G. Zorn, G. Weber, R. Foltak
July 2006
Inf.
4668
RADIUS Authentication Client MIB for IPv6
D. Nelson
August 2006
Errata, Obsoletes RFC 2618
P.S.
4669
RADIUS Authentication Server MIB for IPv6
D. Nelson
August 2006
Errata, Obsoletes RFC 2619
P.S.
4670
RADIUS Accounting Client MIB for IPv6
D. Nelson
August 2006
Errata, Obsoletes RFC 2620
Inf.
4671
RADIUS Accounting Server MIB for IPv6
D. Nelson
August 2006
Errata, Obsoletes RFC 2621
Inf.
4672
RADIUS Dynamic Authorization Client MIB
S. De Cnodder, N. Jonnala, M. Chiba
September 2006
Errata
Inf.
4673
RADIUS Dynamic Authorization Server MIB
S. De Cnodder, N. Jonnala, M. Chiba
September 2006
Errata
Inf.
4675
RADIUS Attributes for Virtual LAN and Priority Support
P. Congdon, M. Sanchez, B. Aboba
September 2006
Errata
P.S.
4679
DSL Forum Vendor-Specific RADIUS Attributes
V. Mammoliti, G. Zorn, P. Arberg, R. Rennison
September 2006
Errata
Inf.
4818
RADIUS Delegated-IPv6-Prefix Attribute
J. Salowey, R. Droms
April 2007
P.S.
4849
RADIUS Filter Rule Attribute
P. Congdon, M. Sanchez, B. Aboba
April 2007
P.S.
5030
Mobile IPv4 RADIUS Requirements
M. Nakhjiri, Ed., K. Chowdhury, A. Lior, K. Leung
October 2007
Inf.
5080
Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes
D. Nelson, A. DeKok
December 2007
Errata, Updates RFC 2865, RFC 2866, RFC 2869, RFC 3579
P.S.
5090
RADIUS Extension for Digest Authentication
B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck
February 2008
Errata, Obsoletes RFC 4590
P.S.
5176
Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba
January 2008
Errata, Obsoletes RFC 3576
Inf.
5580
Carrying Location Objects in RADIUS and Diameter
H. Tschofenig, Ed., F. Adrangi, M. Jones, A. Lior, B. Aboba
August 2009
Errata
P.S.
5607
Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management
D. Nelson, G. Weber
July 2009
P.S.
5608
Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models
K. Narayan, D. Nelson
August 2009
Errata
P.S.
5904
RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support
G. Zorn
June 2010
Inf.
5997
Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol
A. DeKok
August 2010
Errata, Updates RFC 2866
Inf.
6065
Using Authentication, Authorization, and Accounting Services to Dynamically Provision View-Based Access Control Model User-to-Group Mappings
K. Narayan, D. Nelson, R. Presuhn, Ed.
December 2010
P.S.
6158 a.k.a. BCP 158
RADIUS Design Guidelines
A. DeKok, Ed., G. Weber
March 2011
Updated by RFC 6929, RFC 8044
B.C.P.
6218
Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material
G. Zorn, T. Zhang, J. Walker, J. Salowey
April 2011
Errata
Inf.
6421
Crypto-Agility Requirements for Remote Authentication Dial-In User Service (RADIUS)
D. Nelson, Ed.
November 2011
Inf.
6519
RADIUS Extensions for Dual-Stack Lite
R. Maglione, A. Durand
February 2012
Errata
P.S.
6572
RADIUS Support for Proxy Mobile IPv6
F. Xia, B. Sarikaya, J. Korhonen, Ed., S. Gundavelli, D. Damic
June 2012
Updated by RFC 8044
P.S.
6613
RADIUS over TCP
A. DeKok
May 2012
Updated by RFC 7930
Exp.
6614
Transport Layer Security (TLS) Encryption for RADIUS
S. Winter, M. McCauley, S. Venaas, K. Wierenga
May 2012
Exp.
6911
RADIUS Attributes for IPv6 Access Networks
W. Dec, Ed., B. Sarikaya, G. Zorn, Ed., D. Miles, B. Lourdelet
April 2013
P.S.
6929
Remote Authentication Dial In User Service (RADIUS) Protocol Extensions
A. DeKok, A. Lior
April 2013
Updates RFC 2865, RFC 3575, RFC 6158
P.S.
6930
RADIUS Attribute for IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)
D. Guo, S. Jiang, Ed., R. Despres, R. Maglione
April 2013
Errata
P.S.
7037
RADIUS Option for the DHCPv6 Relay Agent
L. Yeh, M. Boucadair
October 2013
P.S.
7268
RADIUS Attributes for IEEE 802 Networks
B. Aboba, J. Malinen, P. Congdon, J. Salowey, M. Jones
July 2014
Updates RFC 3580, RFC 4072, Updated by RFC 8044
P.S.
7360
Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS
A. DeKok
September 2014
Exp.
7499
Support of Fragmentation of RADIUS Packets
A. Perez-Mendez, Ed., R. Marin-Lopez, F. Pereniguez-Garcia, G. Lopez-Millan, D. Lopez, A. DeKok
April 2015
Exp.
7585
Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS Based on the Network Access Identifier (NAI)
S. Winter, M. McCauley
October 2015
Errata
Exp.
7593
The eduroam Architecture for Network Roaming
K. Wierenga, S. Winter, T. Wolniewicz
September 2015
Errata
Inf.
7831
Application Bridging for Federated Access Beyond Web (ABFAB) Architecture
J. Howlett, S. Hartman, H. Tschofenig, J. Schaad
May 2016
Inf.
7832
Application Bridging for Federated Access Beyond Web (ABFAB) Use Cases
R. Smith, Ed.
May 2016
Inf.
7833
A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
J. Howlett, S. Hartman, A. Perez-Mendez, Ed.
May 2016
P.S.
7930
Larger Packets for RADIUS over TCP
S. Hartman
August 2016
Updates RFC 6613
Exp.
8044
Data Types in RADIUS
A. DeKok
January 2017
Updates RFC 2865, RFC 3162, RFC 4072, RFC 6158, RFC 6572, RFC 7268
P.S.
8045
RADIUS Extensions for IP Port Configuration and Reporting
D. Cheng, J. Korhonen, M. Boucadair, S. Sivakumar
January 2017
Errata
P.S.
Best Current Practice: B.C.P.
Draft Standard: D.S.
Experimental: Exp.
Informational: Inf.
Proposed Standard: P.S.
RFC 2865
Remote Authentication Dial In User Service (RADIUS) https://www.rfc-editor.org/rfc/rfc2865.txt C. Rigney, S. Willens, A. Rubens, W. Simpson June 2000 Errata, Obsoletes RFC 2138, Updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044 Draft Standard
References
[1] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote Authentication Dial In User Service (RADIUS)", RFC 2138, April 1997.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.
[3] Rivest, R. and S. Dusse, "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.
[5] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.
[8] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999.
[9] Kaufman, C., Perlman, R., and Speciner, M., "Network Security: Private Communications in a Public World", Prentice Hall, March 1995, ISBN 0-13-061466-1.
[10] Jacobson, V., "Compressing TCP/IP headers for low-speed serial links", RFC 1144, February 1990.
[11] ISO 8859. International Standard -- Information Processing -- 8-bit Single-Byte Coded Graphic Character Sets -- Part 1: Latin Alphabet No. 1, ISO 8859-1:1987.
[12] Sklower, K., Lloyd, B., McGregor, G., Carr, D. and T. Coradetti, "The PPP Multilink Protocol (MP)", RFC 1990, August 1996.
[13] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[14] Galvin, J., McCloghrie, K. and J. Davin, "SNMP Security Protocols", RFC 1352, July 1992.
[15] Dobbertin, H., "The Status of MD5 After a Recent Attack", CryptoBytes Vol.2 No.2, Summer 1996.
RFC 2866
RFC 2866 RADIUS Accounting https://www.rfc-editor.org/rfc/rfc2866.txt C. Rigney June 2000Errata, Obsoletes RFC 2139, Updated by RFC 2867, RFC 5080, RFC 5997 Informational
References
[1] Rigney, C., "RADIUS Accounting", RFC 2139, April 1997.
[2] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.
[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.
[5] Rivest, R. and S. Dusse, "The MD5 Message-Digest Algorithm", RFC1321, April 1992.
[6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC2279, January 1998.
[8] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
RFC 2867
RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Supporthttps://www.rfc-editor.org/rfc/rfc2867.txt G. Zorn, B. Aboba, D. Mitton June 2000 Errata, Updates RFC 2866 Inf.
References
[1] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.
[4] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G. and B. Palter, "Layer Two Tunneling Protocol "L2TP"", RFC 2661, August 1999.
[5] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July 1999.
RFC 2868
RFC2868 RADIUS Attributes for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2868.txt| G. Zorn, D. Leifer, A. Rubens, J. Shriver, M. Holdrege, I. Goyret June 2000 Errata, Updates RFC 2865, Updated by RFC 3575 Inf.
References
[1] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July 1999.
[2] Valencia, A., Littlewood, M. and T. Kolar, T., "Cisco Layer Two Forwarding (Protocol) 'L2F'", RFC 2341, May 1998.
[3] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G. and B. Palter, "Layer Two Tunnelling Protocol (L2TP)", RFC 2661, August 1999.
[4] Hamzeh, K., "Ascend Tunnel Management Protocol - ATMP", RFC 2107, February 1997.
[5] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[6] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.
[7] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October 1996.
[8] Atkinson, R., "IP Encapsulating Security Payload (ESP)", RFC 1827, August 1995.
[9] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 1701, October 1994.
[10] Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995.
[11] Zorn, G. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.
[12] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial in User Service (RADIUS)", RFC 2865, June 2000.
[13] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[14] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[15] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.
[16] Narten, T. and H. Alvestrand, "Guidelines for writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[17] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998.
RFC2869
RFC2869 RADIUS Extensions https://www.rfc-editor.org/rfc/rfc2869.txt C. Rigney, W. Willats, P. Calhoun June 2000 Updated by RFC 3579, RFC 5080 Inf.
References
[1] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[3] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, March 1998.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.
[5] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[6] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.
[7] Zorn, G., Aboba, B. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.
[8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.
[9] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[10] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[11] Slatalla, M., and Quittner, J., "Masters of Deception." HarperCollins, New York, 1995.
RFC3579
RFC3579 RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)https://www.ietf.org/rfc/rfc3579.txt B. Aboba, P. Calhoun September 2003, Updates RFC 2869, Updated by RFC 5080, Inf.
References
6.1. Normative References
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.
[RFC2284] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, March 1998.
[RFC2401] Atkinson, R. and S. Kent, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998.
[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.
[RFC2486] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999.
[RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission Timer", RFC 2988, November 2000.
[RFC3162] Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IP6", RFC 3162, August 2001.
[RFC3280] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.
[RFC3576] Chiba, M., Dommety, G., Eklund, M., Mitton, D. and B. Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", RFC 3576, July 2003.
6.2. Informative References
[RFC826] Plummer, D., "An Ethernet Address Resolution Protocol", STD 37, RFC 826, November 1982.
[RFC1510] Kohl, J. and C. Neuman, "The Kerberos Network Authentication Service (V5)", RFC 1510, September 1993.
[RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994.
[RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", RFC 2548, March 1999.
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, June 1999.
[RFC2716] Aboba, B. and D. Simon,"PPP EAP TLS Authentication Protocol", RFC 2716, October 1999.
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[RFC2867] Zorn, G., Aboba, B. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.
[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.
[RFC2869] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.
[RFC2983] Black, D. "Differentiated Services and Tunnels", RFC 2983, October 2000.
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G. and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines", RFC 3580, September 2003.
[IEEE802] IEEE Standards for Local and Metropolitan Area Networks: Overview and Architecture, ANSI/IEEE Std 802, 1990.
[IEEE8021X] IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control, IEEE Std 802.1X-2001, June 2001.
[MD5Attack] Dobbertin, H., "The Status of MD5 After a Recent Attack", CryptoBytes Vol.2 No.2, Summer 1996.
[Masters] Slatalla, M. and J. Quittner, "Masters of Deception." HarperCollins, New York, 1995.
[NASREQ] Calhoun, P., et al., "Diameter Network Access Server Application", Work in Progress.
用語(term)
RFC3579
authenticator
The end of the link requiring the authentication. Also
known as the Network Access Server (NAS) or RADIUS client.
Within IEEE 802.1X terminology, the term Authenticator is
used.
peer
The other end of the point-to-point link (PPP),
point-to-point LAN segment (IEEE 802.1X) or wireless link,
which is being authenticated by the authenticator. In IEEE
802.1X, this end is known as the Supplicant.
authentication server
An authentication server is an entity that provides an
authentication service to an authenticator (NAS). This
service verifies from the credentials provided by the peer,
the claim of identity made by the peer; it also may provide
credentials allowing the peer to verify the identity of the
authentication server. Within this document it is assumed
that the NAS operates as a pass-through, forwarding EAP
packets between the RADIUS server and the EAP peer.
Therefore the RADIUS server operates as an authentication
server.
displayable message
This is interpreted to be a human readable string of
characters, and MUST NOT affect operation of the protocol.
The message encoding MUST follow the UTF-8 transformation
format [RFC2279].
Network Access Server (NAS)
The device providing access to the network. Also known as
the Authenticator (IEEE 802.1X or EAP terminology) or
RADIUS client.
RFC2865, RFC2866, RFC2869
service
The NAS provides a service to the dial-in user, such as PPP
or Telnet.
RFC3579
service
The NAS provides a service to the user, such as IEEE 802 or
PPP.
RFC2865
session
Each service provided by the NAS to a dial-in user
constitutes a session, with the beginning of the session
defined as the point where service is first provided and
the end of the session defined as the point where service
is ended. A user may have multiple sessions in parallel or
series if the NAS supports that.
RFC2866
session
Each service provided by the NAS to a dial-in user
constitutes a session, with the beginning of the session
defined as the point where service is first provided and
the end of the session defined as the point where service
is ended. A user may have multiple sessions in parallel or
series if the NAS supports that, with each session
generating a separate start and stop accounting record with
its own Acct-Session-Id.
RFC2869
session
Each service provided by the NAS to a dial-in user
constitutes a session, with the beginning of the session
defined as the point where service is first provided and
the end of the session defined as the point where service
is ended. A user may have multiple sessions in parallel or
series if the NAS supports that, with each session
generating a separate start and stop accounting record.
RFC3579
session
Each service provided by the NAS to a peer constitutes a
session, with the beginning of the session defined as the
point where service is first provided and the end of the
session defined as the point where service is ended. A
peer may have multiple sessions in parallel or series if
the NAS supports that, with each session generating a
separate start and stop accounting record.
RFC2865, RFC2866, 2869, RFC3579
silently discard
This means the implementation discards the packet without
further processing. The implementation SHOULD provide the
capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event
in a statistics counter.
RFC文書の参照関係
RFC
obsolate
updates
updated
reference
title
2865
2138
2138
Remote Authentication Dial In User Service (RADIUS)
2119
Key words for use in RFCs to Indicate Requirement Levels
1321
The MD5 Message-Digest Algorithm
768
User Datagram Protocol
2866
RADIUS Accounting
1700
Assigned Numbers
2279
UTF-8, a transformation format of ISO 10646
2486
The Network Access Identifier
1144
Compressing TCP/IP headers for low-speed serial links
1990
The PPP Multilink Protocol (MP)
2434
Guidelines for Writing an IANA Considerations Section in RFCs
1352
SNMP Security Protocols
2868
RADIUS Attributes for Tunnel Protocol Support
3575
IANA Considerations for RADIUS (Remote Authentication Dial In User Service)
5080
Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes
6929
Remote Authentication Dial In User Service (RADIUS) Protocol Extensions
8044
Data Types in RADIUS
2866
2139
2139
RADIUS Accounting
2865
Remote Authentication Dial In User Service (RADIUS)
2119
Key words for use in RFCs to Indicate Requirement Levels
768
User Datagram Protocol
1321
The MD5 Message-Digest Algorithm
1700
Assigned Numbers
2279
UTF-8, a transformation format of ISO 10646
2434
Guidelines for Writing an IANA Considerations Section in RFCs
2867
RADIUS Accounting Modifications for Tunnel Protocol Support
5080
Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes
5997
Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol
2867
2866
2866
RADIUS Accounting
2119
Key words for use in RFCs to Indicate Requirement Levels
2868
RADIUS Attributes for Tunnel Protocol Support
2661
Layer Two Tunneling Protocol "L2TP"
2637
Point-to-Point Tunneling Protocol (PPTP)
2868
2865
Remote Authentication Dial In User Service (RADIUS)
3575
IANA Considerations for RADIUS (Remote Authentication Dial In User Service)
2637
Point-to-Point Tunneling Protocol (PPTP)
2341
Cisco Layer Two Forwarding (Protocol) 'L2F
2661
Layer Two Tunneling Protocol "L2TP"
2107
Ascend Tunnel Management Protocol - ATMP
2401
Security Architecture for the Internet Protocol
2001
IP Encapsulation within IP
2004
Minimal Encapsulation within IP
1827
IP Encapsulating Security Payload (ESP)
1701
Generic Routing Encapsulation (GRE)
1853
IP in IP Tunneling
2867
RADIUS Accounting Modifications for Tunnel Protocol Support
2865
Remote Authentication Dial in User Service (RADIUS)
2119
Key words for use in RFCs to Indicate Requirement Levels
1700
Assigned Numbers
2869
RADIUS Extensions"
2434
Guidelines for Writing an IANA Considerations Section in RFCs
2373
IP Version 6 Addressing Architecture
2869
3579
5080
Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes
2865
Remote Authentication Dial in User Service (RADIUS)
2866
RADIUS Accounting
2284
PPP Extensible Authentication Protocol (EAP)
2119
Key words for use in RFCs to Indicate Requirement Levels
1700
Assigned Numbers
2868
RADIUS Attributes for Tunnel Protocol Support
2867
RADIUS Accounting Modifications for Tunnel Protocol Support
2279
UTF-8, a transformation format of ISO 10646
2104
HMAC: Keyed-Hashing for Message Authentication"
2434
Guidelines for Writing an IANA Considerations Section in RFCs
3579
2869
RADIUS Extensions
1321
The MD5 Message-Digest Algorithm
2104
HMAC: Keyed-Hashing for Message Authentication
2119
Key words for use in RFCs to Indicate Requirement Levels
2279
UTF-8, a transformation format of ISO 10646
2284
PPP Extensible Authentication Protocol (EAP)
2401
Security Architecture for the Internet Protocol
2406
IP Encapsulating Security Payload (ESP)
2409
The Internet Key Exchange (IKE)
2486
The Network Access Identifier
2865
Remote Authentication Dial In User Service (RADIUS)
2988
Computing TCP's Retransmission Timer
3162
RADIUS and IP6
3280
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
3576
Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
826
An Ethernet Address Resolution Protocol
1510
The Kerberos Network Authentication Service (V5)
1661
The Point-to-Point Protocol (PPP)
2548
Microsoft Vendor-specific RADIUS Attributes
2607
Proxy Chaining and Policy Implementation in Roaming
2716
PPP EAP TLS Authentication Protocol"
2866
RADIUS Accounting
2867
RADIUS Accounting Modifications for Tunnel Protocol Support
2868
RADIUS Attributes for Tunnel Protocol Support
2869
RADIUS Extensions
2983
Differentiated Services and Tunnels
3580
IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines
文書履歴(document history)
ver. 0.01 初稿 5文書(RFC2865,2866, 2867, 2868, 2869)の参考文献、参照関係整理 20190211 午前
ver. 0.02 RFC3579, 用語(term)追記 20190211 夕
ver. 0.03 表題追記 20190318