Plug-in Question
Alan DeKok
aland at deployingradius.com
Fri Jul 6 10:35:21 CEST 2007
Tomas Hoger wrote:
> Isn't "authorize" a better place for that? Even the name suggests
> authorization should be done there... ;)
No. "authorize" is run before authentication for historical reasons.
Policies should really be applied *after* a user authenticates, which
means post-auth.
> Just wondering whether there's a good reason for not doing it in
> authorize and postponing it until post-auth. Besides using the more common
> order of authentication and authorization steps.
The common order is authentication, then authorization. FreeRADIUS
mixes up the names for historical reasons.
Alan DeKok.