Dear Alan DeKok & John Dennis Thanks for your input, words and clarification. Explanation was very good. Moreover, good to have people like you on the list. Regards Prabhpal Singh On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <aland@deployingradius.com>wrote:
John Dennis wrote:
You're both right, now shake hands and make up :-) The problem with the term authorization in radius is used in a non-standard way that leads to confusion. The normal use of the term authorization (authz) indicates what a principal is permitted to do and a principal must be validated via authentication (authn) first. In radius authorization means collecting information necessary to perform the authentication operation. It's an unfortunate semantic difference that leads to a fair amount of confusion (myself included), but after a while you get used to it.
It was a historical mistake in FreeRADIUS which has been kept for too long.
After 3.0 is released, we'll transition to a naming scheme that's a little more complex, but much clearer. The idea is that every packet has 3 stages:
recv = receive the packet process = process the packet send = send the reply
We can map the existing authorize / authenticate / etc. to these processing stages. That change will be initially confusing, but will be simpler. It will also enable the server to do more protocols that are in the works. :)
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html