General question about authentication/authorization
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 17 18:59:43 CET 2006

Alan DeKok wrote:
>> 5.) Authorization is even if a password is correct, the user may not
>> use/do something - correct?
>
> Yes.

Strictly speaking, during the authorisation section of the FR config,
you haven't determined the password is correct yet. You don't need me to
tell you this of course - the reason I mention it is that I was under
the impression the OP was thinking in terms of the more common
definition where the flow is authen->authz->acct.

Of course in Radius (and thus FR) the order of authz and authn is not
that important since the authen algorithm (the only commonly important
input to authz aside from OK/NO) is known at request time (except in EAP
I guess).
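
The ordering described in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model in which the authorize step picks the authentication method from the request attributes and applies policy before any password is checked. The user table, the NAS allow-list rule and every function name are assumptions made up for the illustration.

```python
import hashlib
import hmac

# Constructed user store: cleartext password plus one authorization rule each.
USERS = {
    "alice": {"password": "wonderland", "allowed_nas": {"10.0.0.1"}},
    "bob": {"password": "builder", "allowed_nas": {"10.0.0.2"}},
}

def authorize(request):
    """Runs first: the password has NOT been checked yet. Picks the method from
    what the request carries and applies policy that needs no password."""
    user = USERS.get(request.get("User-Name"))
    if user is None or request.get("NAS-IP-Address") not in user["allowed_nas"]:
        return "reject", None
    if "CHAP-Password" in request:   # method is visible in the request itself
        return "ok", "CHAP"
    if "User-Password" in request:
        return "ok", "PAP"
    return "reject", None

def authenticate(request, auth_type):
    """Runs second: verifies the credential with the method chosen above."""
    password = USERS[request["User-Name"]]["password"].encode()
    if auth_type == "PAP":
        return hmac.compare_digest(request["User-Password"].encode(), password)
    # CHAP (RFC 2865): CHAP-Password = ident byte + MD5(ident + password + challenge)
    ident, digest = request["CHAP-Password"][:1], request["CHAP-Password"][1:]
    expected = hashlib.md5(ident + password + request["CHAP-Challenge"]).digest()
    return hmac.compare_digest(expected, digest)

def handle(request):
    """authorize -> authenticate, reporting which stage refused the request."""
    verdict, auth_type = authorize(request)
    if verdict != "ok":
        return "Access-Reject (authorize)"
    if not authenticate(request, auth_type):
        return "Access-Reject (authenticate)"
    return "Access-Accept"

def chap_request(user, password, nas):
    """Build a constructed CHAP request the way a NAS would."""
    ident, challenge = b"\x01", b"0123456789abcdef"
    digest = hashlib.md5(ident + password.encode() + challenge).digest()
    return {"User-Name": user, "NAS-IP-Address": nas,
            "CHAP-Password": ident + digest, "CHAP-Challenge": challenge}
```

A request with the correct password from a disallowed NAS is refused in `authorize`, so the password is never examined; that is the case the message is pointing at.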