RFC 4590
Alan DeKok
aland at deployingradius.com
Tue Nov 14 02:25:39 CET 2006
Peter Nixon <listuser at peternixon.net> wrote:
> Is there any reason why "dictionary.digest" exists but is not included (It
> should actually be called dictionary.rfc4590) and the attributes are instead
> declared in "dictionary.freeradius.internal"?
dictionary.digest is a hack (defines sub-attributes). It shouldn't
exist.
> I have changed dictionary.digest to dictionary.rfc4590 in the 1.1.x branch but
Uh, oh. That's not good. The dictionary.digest file is *not* the
same as what's in RFC 4590.
> have not included it yet. Can we clean this stuff up? I am trying to get
> FreeRADIUS to the point where it works with SIP servers (SER etc) out of the
> box.
No one has implemented RFC 4590 yet. Plus, the RFC is wrong, as the
attribute numbers are incorrect, and the final table of what's allowed
where is incorrect. It will be re-issued in a month or two.
Please don't do *anything* with RFC 4590. It's existence is a
figment of your imagination. Once the updated RFC comes out, we'll
use that.
The hardest part about the digest RFC is that the attribute numbers
it has will conflict with stupid Ascend pseudo-VSA's. We've got to
support both, so there's some magic required in src/lib/radius.c
Again, RFC 4590 doesn't exist. Wait a few months for a fixed
version. Don't implement ANYTHING based on RFC 4590.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Devel
mailing list