George Beitis wrote:
I have a general question regarding Authorization in the RADIUS protocol and how it is implemented in freeradius. What does the RADIUS protocol refer to when it talks about Authorization, does it actually refer to users being probably authorized after being authenticated, using the protocol?
I guess. It's not really clear. i.e. No one knows...
Are there RADIUS specific attributes that are for authorization? (not authentication).
Most of them? The authentication attributes are User-Password, CHAP-Password, EAP-Message... and not much else. Most everything else are authorization related.
There are ways of implementing authorization into freeradius, but do those simply overwrite the authentication decision?
I have no idea what you mean by that.
DIAMETER provides such authorization messeges from my understanding but the RADIUS protocol does not talk about any, is this correct?
Diameter is useless. It's a wonderful theoretical design that no one has deployed in a real network. Alan DeKok.