> But it's out of the draft, isn't it? Also, does MIT support a generic
> plugin interface for this? If not, what use is it?
Yes, it does: both at the GSS mechanism layer, and, incidentally, at the Kerberos layer (per auth-data type).
> Are you saying that the acceptor needs a way to request specific
> attributes that the AAA server might otherwise not provide, and that the
> initiator has no way to request them because of how EAP works?
I think the question was how much processing the acceptor would do of the attributes/assertion. I think.
-- Luke