Hi John & Alan, Kindly clarify Does this means, it is posible to use only authorize function of FR and process all authentication requests with following virtual server? 1. server accept_all_requests { authorize { update control { Auth-Type := "Accept" } } } Thanks / Regards --RM On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <aland@deployingradius.com>wrote:
John Dennis wrote:
You're both right, now shake hands and make up :-) The problem with the term authorization in radius is used in a non-standard way that leads to confusion. The normal use of the term authorization (authz) indicates what a principal is permitted to do and a principal must be validated via authentication (authn) first. In radius authorization means collecting information necessary to perform the authentication operation. It's an unfortunate semantic difference that leads to a fair amount of confusion (myself included), but after a while you get used to it.
It was a historical mistake in FreeRADIUS which has been kept for too long.
After 3.0 is released, we'll transition to a naming scheme that's a little more complex, but much clearer. The idea is that every packet has 3 stages:
recv = receive the packet process = process the packet send = send the reply
We can map the existing authorize / authenticate / etc. to these processing stages. That change will be initially confusing, but will be simpler. It will also enable the server to do more protocols that are in the works. :)
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html