Previous page Section 3.14.27. RequireMessageAuthenticator Section 3.14.28. LimitProxyState (323 / 1693)   Table of Contents Section 3.14.29. DynAuthPort Next page

3.14.28. LimitProxyState Previous topic Parent topic Child topic Next topic

The optional LimitProxyState flag parameter causes the Client to require a Message-Authenticator attribute to be present when one or more Proxy-State attributes are received. Radius clients that are not proxies should never send Proxy-State attributes. Proxies should always include a Message-Authenticator with the messages they forward. Limiting Proxy-State to requests which also include Message-Authenticator allows the server to discard unexpected requests from non-proxy clients.
This flag parameter is not set by default. Consider this parameter only for clients that are not proxies and are not capable of sending Message-Authenticator. Consider RequireMessageAuthenticator for proxies and other clients that support Message-Authenticator.
Previous page Section 3.14.27. RequireMessageAuthenticator Section 3.14.28. LimitProxyState (323 / 1693)   Table of Contents Section 3.14.29. DynAuthPort Next page