17 Mar
2006
17 Mar
'06
12:59 p.m.
Alan DeKok wrote:
5.) Authorization is even if a password is correct, the user may not use/do something - correct?
Yes.
Strictly speaking, during the authorisation section of the FR config, you haven't determined the password is correct yet. You don't need me to tell you this of course - the reason I mention it is that I was under the impression the OP was thinking in terms of the more common definition where the flow is authen->authz->acct. Of course in Radius (and thus FR) the order of authz and authn is not that important since the authen algorithm (the only commonly important input to authz aside from OK/NO) is known at request time (except in EAP I guess).