authentication
Click on the red underlined text to get to the source
... Virtual Private Network (VPN) usage,
wireless LAN authentication, and other applications. Interested
parties have included the following:
...
... user identity submitted
by the client during network access authentication. In roaming,
the purpose of the NAI ...
... NAI is to identify the user as well as to
assist in the routing of the authentication request. Please note
that the NAI may not necessarily be the same as the user's e-mail
address ...
... roaming capability, one of the
requirements is to be able to identify the user's home authentication
server. For use in roaming, this function is accomplished via the
Network Access Identifier ...
... by the user to the NAS in
the initial network authentication. It is also expected that NASes
will use the NAI ...
... NAIs are often transported in the User-Name attribute of the
Remote Authentication Dial-In User Service (RADIUS) protocol.
Unfortunately, RFC 2865draft ...
... In some situations, NAIs are used together with a separate
authentication method that can transfer the username part in a more
secure manner ...
... For roaming purposes, it is typically necessary to locate the
appropriate backend authentication server for the given NAI before
the authentication ...
... backend authentication server for the given NAI before
the authentication conversation can proceed. As a result, the realm
portion is typically required in order for the authentication
exchange ...
... authentication conversation can proceed. As a result, the realm
portion is typically required in order for the authentication
exchange to be routed to the appropriate server.
...
... network access setting, such systems are typically the
client and the Authentication, Authorization, and Accounting (AAA)
server. NAIs ...
... possible only when NAIs are used together with a separate
authentication method that can transfer the username in a secure
manner. In some cases, application-specific ...
...
also been used with NAIs. For instance, some Extensible
Authentication Protocol (EAP) methods apply method ...
... use of an FQDN as the realm name does not require use
of the DNS for location of the authentication server. While Diameter
[RFC3588 ...
... [RFC3588] supports the use of DNS for location of authentication
servers, existing RADIUS implementations typically use proxy
...
... proxy
configuration files in order to locate authentication servers within
a domain and perform authentication ...
... authentication servers within
a domain and perform authentication routing. The implementations
described in [RFC2194 ...
... RFC2194] did not use DNS for location of the
authentication server within a domain. Similarly, existing
implementations have not found a need for dynamic routing protocols ...
... Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865draft, June 2000. ...
... Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)", RFC 3579 ...
... Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)", RFC 3579, September 2003. ...
... Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748prop, June 2004. ...