Service Provisioning Using AAA (FreeRadius)

John Dennis jdennis at redhat.com
Wed Jun 5 15:17:27 CEST 2013


On 06/05/2013 05:29 AM, Prabhpal S. Mavi wrote:
>> Am Dienstag, 4. Juni 2013, 10:45:01 schrieb Russell Mike:
>>> Hi List
>>>
>>> After googling for few days still not so much clear. Therefore, i have
>>> decided to implement three *"A"* in three different steps. For now, i
>>> only
>>> want to use Authorize function of FR. i do not want authentication &
>>> Accounting BUT authorization.
>
>
> No. How can you authorize somebody without beeing sure who that user is. Only
> authentication provides that information. So you need authentication and
> authorization.
>
>
> Hello MS.
>
> I do not agree to your response.
>
> Authorization is a process where information in a request is evaluated.
> This information may be used to validate against information about the
> user that was obtained from file, database, or LDAP directory.
>
> Authorization happens before authentication
>
> and does not involve the checking of a password. We can use various logic
> and comparisons to determine if a user is authorized to connect to a
> network. i look forward be hear back....
>

You're both right, now shake hands and make up :-) The problem with the 
term authorization in radius is used in a non-standard way that leads to 
confusion. The normal use of the term authorization (authz) indicates 
what a principal is permitted to do and a principal must be validated 
via authentication (authn) first. In radius authorization means 
collecting information necessary to perform the authentication 
operation. It's an unfortunate semantic difference that leads to a fair 
amount of confusion (myself included), but after a while you get used to it.

John


More information about the Freeradius-Users mailing list