Name
User-Name
Synopsis
Attribute Number |
1 |
Length |
3 or more octets |
Value |
STRING |
Allowed in |
Access-Request, Access-Accept |
Prohibited in |
Access-Reject, Access-Challenge |
Presence in Packet |
Not required |
Maximum Iterations |
1 |
This attribute carries the distinguished name of the client requesting access to services on the network. Since usernames come in all sizes and flavors, there is not a specified maximum length for this value. It has been recommended by the RADIUS committee and those who follow its proceedings that support for a larger username space be provided (up to 64 bytes in length) to allow the implementation-specific RADIUS client gear to perform its own compliancy and validity checking. This allows each administrator to customize the requirements for a valid username without having a standard dictate to them how usernames are constructed.
There are no specific requirements for the format in which these
usernames must be represented, but there are a number of possible
ways in which usernames are commonly passed in the
User-Name
attribute. Monolithic, or alphanumeric, passwords consist of all letters and numbers. UTF-8 characters are also supported. Additionally, usernames can be passed that conform to the Network Access Identifier (NAI) ASN.1 format—this is often known as the “distinguished name”—or some other format common to both the client and the RADIUS implementation. Because of this flexibility, administrators have a wide realm of possibilities ...
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.