6 Jul
2007
6 Jul
'07
4:35 a.m.
Tomas Hoger wrote:
Isn't "authorize" better place for that? Even name suggests authorization should be done there... ;)
No. "authorize" is run before authentication for historical reasons. Policies should really be applied *after* a user authenticates, which means post-auth.
Just wondering whether there's a good reason for not doing it in authorize and postpone it until post-auth. Besides using more common order of authentication and authorization steps.
The common order is authentication, then authorization. FreeRADIUS mixes up the names for historical reasons. Alan DeKok.