Authorization in RADIUS, Authorization in freeradius

Alan DeKok aland at deployingradius.com
Sun Sep 2 17:14:07 CEST 2007


George Beitis wrote:
> I have a general question regarding Authorization in the RADIUS protocol
> and how it is implemented in freeradius.  What does the RADIUS protocol
> refer to when it talks about Authorization, does it actually refer to
> users being probably authorized after being authenticated, using the
> protocol?

  I guess.  It's not really clear.  i.e. No one knows...

>  Are there RADIUS specific attributes that are for
> authorization? (not authentication).

  Most of them?  The authentication attributes are User-Password,
CHAP-Password, EAP-Message... and not much else.  Most everything else
are authorization related.

>  There are ways of implementing
> authorization into freeradius, but do those simply overwrite the
> authentication decision?

  I have no idea what you mean by that.

>  DIAMETER provides such authorization messeges
> from my understanding but the RADIUS protocol does not talk about any,
> is this correct?

  Diameter is useless.  It's a wonderful theoretical design that no one
has deployed in a real network.

  Alan DeKok.



More information about the Freeradius-Users mailing list