AVPs in replies for requests with concatenated AVPs

haussli / draft-dahm-opsawg-tacacs-security

IETF draft for new tacacs+ security features

1 stars 1 forks source link

AVPs in replies for requests with concatenated AVPs #24

Closed haussli closed 3 years ago

haussli commented 3 years ago

If a server concatenates AVPs of the same name received from a client, can it reply with the resulting single concatenated AVP, assuming it does not exceed a T+ message, or must it retain the original format (ie: multiple AVPs)?

For example, the 8097 S6.2 status field. Must the server reply with the AVPs as received? Does it reply with the concatenated AVP and _PASS_REPL? Something else?

dcmgashcisco commented 3 years ago

The interpretation by the server should not impact the PASS_REPL flow, there should be no change from 8097 in this way.

dcmgashcisco commented 3 years ago

Have removed the generic concatenation rule with same attribute names, and replaces with text that the rules for same attribute name will be clarified per attribute.