RADIUS attribute from rfc5090


This attribute is used to allow the generation of an
         Authentication-Info header, even if the HTTP-style response's
         body is required for the calculation of the rspauth value.  It
         SHOULD be used in Access-Accept packets if the required quality
         of protection (qop) is 'auth-int'.

         This attribute MUST NOT be sent if the qop parameter was not
         specified or has a value of 'auth' (in this case, use Digest-
         Response-Auth instead).

         The Digest-HA1 Attribute MUST only be sent by the RADIUS server
         or processed by the RADIUS client if at least one of the
         following conditions is true:

         +  The Digest-Algorithm Attribute's value is 'MD5-sess' or

         +  IPsec is configured to protect traffic between the RADIUS
            client and RADIUS server with IPsec (see).

         This attribute MUST only be used in Access-Accept packets.Type
         121 for Digest-HA1
         >= 3
         This attribute contains the hexadecimal representation of H(A1)
         as described in , Sections,, and.