<div dir="ltr"><font face="verdana, sans-serif">Hi John & Alan, Kindly clarify</font><div><font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif">Does this means, it is posible to use </font><span style="font-family:verdana,sans-serif">only</span><span style="font-family:verdana,sans-serif"> </span><span style="font-family:verdana,sans-serif">authorize function of FR and process all authentication requests with following virtual server?</span></div>
<div><span style="font-family:'trebuchet ms',sans-serif;font-size:9pt"><br></span></div><div>
<div class="" title="Page 206">
<div class="">
<div class="">
<ol start="0" style="list-style-type:none">
<li>
<pre><span style="font-size:9pt"><font face="verdana, sans-serif" color="#6aa84f">server accept_all_requests {
authorize {
</font></span></pre>
<pre><span style="font-size:9pt"><font face="verdana, sans-serif" color="#6aa84f"> update control {
Auth-Type := "Accept"
</font></span></pre>
<p><span style="font-size:9pt"><font face="verdana, sans-serif" color="#6aa84f">} </font></span></p><p><span style="color:rgb(106,168,79);font-family:verdana,sans-serif;font-size:9pt"> }</span></p>
<p><span style="font-size:9pt"><font face="verdana, sans-serif" color="#6aa84f"> } </font></span></p></li></ol></div></div></div></div><div><div class="gmail_extra"><font face="verdana, sans-serif">Thanks / Regards</font></div>
<div class="gmail_extra"><font face="verdana, sans-serif">--RM</font></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">John Dennis wrote:<br>
> You're both right, now shake hands and make up :-) The problem with the<br>
> term authorization in radius is used in a non-standard way that leads to<br>
> confusion. The normal use of the term authorization (authz) indicates<br>
> what a principal is permitted to do and a principal must be validated<br>
> via authentication (authn) first. In radius authorization means<br>
> collecting information necessary to perform the authentication<br>
> operation. It's an unfortunate semantic difference that leads to a fair<br>
> amount of confusion (myself included), but after a while you get used to<br>
> it.<br>
<br>
</div> It was a historical mistake in FreeRADIUS which has been kept for too<br>
long.<br>
<br>
After 3.0 is released, we'll transition to a naming scheme that's a<br>
little more complex, but much clearer. The idea is that every packet<br>
has 3 stages:<br>
<br>
recv = receive the packet<br>
process = process the packet<br>
send = send the reply<br>
<br>
We can map the existing authorize / authenticate / etc. to these<br>
processing stages. That change will be initially confusing, but will be<br>
simpler. It will also enable the server to do more protocols that are<br>
in the works. :)<br>
<span class=""><font color="#888888"><br>
Alan DeKok.<br>
</font></span><div class=""><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div></div></div>