Authorization in RADIUS, Authorization in freeradius
Alan DeKok
aland at deployingradius.com
Sun Sep 2 17:14:07 CEST 2007
George Beitis wrote:
> I have a general question regarding Authorization in the RADIUS protocol
> and how it is implemented in freeradius. What does the RADIUS protocol
> refer to when it talks about Authorization, does it actually refer to
> users being probably authorized after being authenticated, using the
> protocol?
I guess. It's not really clear. i.e. No one knows...
> Are there RADIUS specific attributes that are for
> authorization? (not authentication).
Most of them? The authentication attributes are User-Password,
CHAP-Password, EAP-Message... and not much else. Most everything else
are authorization related.
> There are ways of implementing
> authorization into freeradius, but do those simply overwrite the
> authentication decision?
I have no idea what you mean by that.
> DIAMETER provides such authorization messeges
> from my understanding but the RADIUS protocol does not talk about any,
> is this correct?
Diameter is useless. It's a wonderful theoretical design that no one
has deployed in a real network.
Alan DeKok.
More information about the Freeradius-Users
mailing list