Hey Alan, thank you for your reply. I am writing up a part of my dissertation and I 'm referring to freeradius and the RADIUS protocol trying to explain how it works. From my research most people who use RADIUS for authentication purposes. Noone gives a clear image of whether or not they use it for authorization once they established authentication, so in other words authentication and authorization become one the same. Do you know of any products that can be used with freeradius to provide such authorization facilities? Using perhaps policies? regards George Alan DeKok wrote:
George Beitis wrote:
I have a general question regarding Authorization in the RADIUS protocol and how it is implemented in freeradius. What does the RADIUS protocol refer to when it talks about Authorization, does it actually refer to users being probably authorized after being authenticated, using the protocol?
I guess. It's not really clear. i.e. No one knows...
Are there RADIUS specific attributes that are for authorization? (not authentication).
Most of them? The authentication attributes are User-Password, CHAP-Password, EAP-Message... and not much else. Most everything else are authorization related.
There are ways of implementing authorization into freeradius, but do those simply overwrite the authentication decision?
I have no idea what you mean by that.
DIAMETER provides such authorization messeges from my understanding but the RADIUS protocol does not talk about any, is this correct?
Diameter is useless. It's a wonderful theoretical design that no one has deployed in a real network.
Alan DeKok.