Network Working Group G. Stump Request for Comments: 3004 IBM Category: Standards Track R. Droms Cisco Systems Y. Gu R. Vyaghrapuri A. Demirtjis Microsoft B. Beser Pacific Broadband Communications J. Privat Northstream AB November 2000
Network Working Group G. Stump Request for Comments: 3004 IBM Category: Standards Track R. Droms Cisco Systems Y. Gu R. Vyaghrapuri A. Demirtjis Microsoft B. Beser Pacific Broadband Communications J. Privat Northstream AB November 2000
The User Class Option for DHCP
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This option is used by a Dynamic Host Configuration Protocol (DHCP) client to optionally identify the type or category of user or applications it represents. The information contained in this option is an opaque field that represents the user class of which the client is a member. Based on this class, a DHCP server selects the appropriate address pool to assign an address to the client and the appropriate configuration parameters. This option should be configurable by a user.
DHCP administrators may define specific user class identifiers to convey information about a client's software configuration or about its user's preferences. For example, the User Class option can be used to configure all clients of people in the accounting department with a different printer than clients of people in the marketing department.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3].
o "DHCP client" A DHCP client or "client" is an Internet host using DHCP to obtain configuration parameters such as a network address.
o "DHCP server" A DHCP server or "server" is an Internet host that returns configuration parameters to DHCP clients.
o "binding" A binding is a collection of configuration parameters, including at least an IP address, associated with or "bound to" a DHCP client. Bindings are managed by DHCP servers.
This option is used by a DHCP client to optionally identify the type or category of user or applications it represents. A DHCP server uses the User Class option to choose the address pool it allocates an address from and/or to select any other configuration option.
This option is a DHCP option [1, 2].
This option MAY carry multiple User Classes. Servers may interpret the meanings of multiple class specifications in an implementation dependent or configuration dependent manner, and so the use of multiple classes by a DHCP client should be based on the specific server implementation and configuration which will be used to process that User class option.
The format of this option is as follows:
Code Len Value +-----+-----+--------------------- . . . --+ | 77 | N | User Class Data ('Len' octets) | +-----+-----+--------------------- . . . --+
Code Len Value +-----+-----+--------------------- . . . --+ | 77 | N | User Class Data ('Len' octets) | +-----+-----+--------------------- . . . --+
where Value consists of one or more instances of User Class Data. Each instance of User Class Data is formatted as follows:
UC_Len_i User_Class_Data_i +--------+------------------------ . . . --+ | L_i | Opaque-Data ('UC_Len_i' octets) | +--------+------------------------ . . . --+
UC_Len_i User_Class_Data_i +--------+------------------------ . . . --+ | L_i | Opaque-Data ('UC_Len_i' octets) | +--------+------------------------ . . . --+
Each User Class value (User_Class_Data_i) is indicated as an opaque field. The value in UC_Len_i does not include the length field itself and MUST be non-zero. Let m be the number of User Classes carried in the option. The length of the option as specified in Len must be the sum of the lengths of each of the class names plus m: Len= UC_Len_1 + UC_Len_2 + ... + UC_Len_m + m. If any instances of User Class Data are present, the minimum value of Len is two (Len = UC_Len_1 + 1 = 1 + 1 = 2).
The Code for this option is 77.
A server that is not equipped to interpret any given user class specified by a client MUST ignore it (although it may be reported). If a server recognizes one or more user classes specified by the client, but does not recognize one or more other user classes specified by the client, the server MAY use the user classes it recognizes.
DHCP clients implementing this option SHOULD allow users to enter one or more user class values.
Option 77, which IANA has already assigned for this purpose, should be used as the User Class Option for DHCP.
DHCP currently provides no authentication or security mechanisms. Potential exposures to attack are discussed is section 7 of the protocol specification [1].
DHCP目前不提供身份验证或安全机制。协议规范[1]第7节讨论了潜在的攻击风险。
This lack of authentication mechanism means that a DHCP server cannot check if a client or user is authorized to use a given User Class. This introduces an obvious vulnerability when using the User Class option. For example, if the User Class is used to give out a special parameter (e.g., a particular database server), there is no way to authenticate a client and it is therefore impossible to check if a client is authorized to use this parameter.
缺乏身份验证机制意味着DHCP服务器无法检查客户端或用户是否有权使用给定的用户类。这在使用用户类选项时引入了一个明显的漏洞。例如,如果用户类用于给出特殊参数(例如,特定的数据库服务器),则无法对客户端进行身份验证,因此无法检查客户端是否有权使用此参数。
[1] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[1] Droms,R.,“动态主机配置协议”,RFC 2131,1997年3月。
[2] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997.
[2] Alexander,S.和R.Droms,“DHCP选项和BOOTP供应商扩展”,RFC 21321997年3月。
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
This document is based on earlier drafts by Glenn Stump, Ralph Droms, Ye Gu, Ramesh Vyaghrapuri and Burcak Beser. Thanks to Ted Lemon, Steve Gonczi, Kim Kinnear, Bernie Volz, Richard Jones, Barr Hibbs and Thomas Narten for their comments and suggestions.
本文件基于Glenn Stump、Ralph Droms、Ye Gu、Ramesh Vyaghrapuri和Burcak Beser的早期草案。感谢Ted Lemon、Steve Gonczi、Kim Kinnear、Bernie Volz、Richard Jones、Barr Hibbs和Thomas Narten的评论和建议。
Glenn Stump IBM Networking Software P.O. Box 12195 RTP, NC 27709
Glenn Stump IBM网络软件邮政信箱12195 RTP,北卡罗来纳州27709
Phone: 919 301 4277 EMail: stumpga@us.ibm.com
电话:919 301 4277电子邮件:stumpga@us.ibm.com
Ralph Droms Cisco Systems 300 Apollo Drive Chelmsford, MA 01824
拉尔夫·德罗姆斯思科系统公司,马萨诸塞州切姆斯福德阿波罗大道300号,邮编01824
Phone: 978 244 4733 EMail: rdroms@cisco.com
电话:9782444733电子邮件:rdroms@cisco.com
Ye Gu Microsoft Corporation One Microsoft Way Redmond, WA 98052
野谷微软公司华盛顿州雷德蒙微软大道一号,邮编:98052
Phone: 425 936 8601 EMail: yegu@microsoft.com
电话:425 936 8601电子邮件:yegu@microsoft.com
Ramesh Vyaghrapuri Microsoft Corporation One Microsoft Way Redmond, WA 98052
Ramesh Vyaghrapuri微软公司位于华盛顿州雷德蒙市微软大道一号,邮编:98052
Phone: 425 703 9581 EMail: rameshv@microsoft.com
电话:4257039581电子邮件:rameshv@microsoft.com
Burcak Beser Pacific Broadband Communications 3103 North 1st Street San Jose, CA 95134
加利福尼亚州圣何塞北第一街3103号Burcak Beser Pacific Broadband Communications,邮编95134
Phone: 408 468 6265 Email: Burcak@pacband.com
电话:408 468 6265电子邮件:Burcak@pacband.com
Ann Demirtjis Microsoft Corporation One Microsoft Way Redmond WA 98052
Ann Demirtjis微软公司一路微软雷蒙德华盛顿98052
Phone: 425 705 2254 EMail: annd@microsoft.com
电话:4257052254电子邮件:annd@microsoft.com
Jerome Privat Northstream AB Espace Beethoven 1 1200 Route des Lucioles BP 302 06906 Sophia Antipolis Cedex France
Jerome Privat Northstream AB Espace贝多芬1200路卢西奥BP 302 06906索菲亚安提波利斯塞德克斯法国
Phone: +33 4 97 23 40 45 Fax: +33 4 97 23 24 51 Mobile: +33 6 13 81 76 71 Email: jerome.privat@northstream.se
Phone: +33 4 97 23 40 45 Fax: +33 4 97 23 24 51 Mobile: +33 6 13 81 76 71 Email: jerome.privat@northstream.se
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。