查看文章

Some authentication methods, including EAP-PEAP, EAP-TTLS, EAP-SIM and EAP-AKA, can hide the true identity of the user from RADIUS servers outside of the user’s home network. In these methods, the User-Name (1) attribute contains an anonymous identity (eg,@ example. com) sufficient to route the RADIUS packets to the home network but otherwise insufficient to identify the user. While this mechanism is good practice in some circumstances, there are problems if local and intermediate networks require a user identity.

This document introduces an attribute that serves as an alias or handle (hereafter, it is called Chargeable-User-Identity) to the real user’s identity. Chargeable-User-Identity can be used outside the home network in scenarios that traditionaly relied on User-Name (1) to correlate a session to a user.