18 Sep
2015
18 Sep
'15
8:15 a.m.
I am not convinced therefore that the Class attribute should ever be used as part of a unique session key therefore.
Maybe. Since you control the Class attribute, you can send back the *same* Class in the second (and later) authentications.
I didn't think we could reliably know at the RADIUS sever if it's a new authentication or a re-authentication taking place? In the case that it's a new authentication, we would want a different Class attribute so that binding from auth to accounting is reliable. Definitely an area where we could do with clarification in the spec. Hmm :( Regards, Nick