Authorization in RADIUS, Authorization in freeradius

George Beitis george.beitis at gmail.com
Sun Sep 2 17:52:39 CEST 2007


Hey Alan,
thank you for your reply.  I am writing up a part of my dissertation and
I 'm referring to freeradius and the RADIUS protocol trying to explain
how it works.  From my research most people who use RADIUS for
authentication purposes.  Noone gives a clear image of whether or not
they use it for authorization once they established authentication, so
in other words authentication and authorization become one the same.  Do
you know of any products that can be used with freeradius to provide
such authorization facilities?  Using perhaps policies?

regards
George

Alan DeKok wrote:
> George Beitis wrote:
>   
>> I have a general question regarding Authorization in the RADIUS protocol
>> and how it is implemented in freeradius.  What does the RADIUS protocol
>> refer to when it talks about Authorization, does it actually refer to
>> users being probably authorized after being authenticated, using the
>> protocol?
>>     
>
>   I guess.  It's not really clear.  i.e. No one knows...
>
>   
>>  Are there RADIUS specific attributes that are for
>> authorization? (not authentication).
>>     
>
>   Most of them?  The authentication attributes are User-Password,
> CHAP-Password, EAP-Message... and not much else.  Most everything else
> are authorization related.
>
>   
>>  There are ways of implementing
>> authorization into freeradius, but do those simply overwrite the
>> authentication decision?
>>     
>
>   I have no idea what you mean by that.
>
>   
>>  DIAMETER provides such authorization messeges
>> from my understanding but the RADIUS protocol does not talk about any,
>> is this correct?
>>     
>
>   Diameter is useless.  It's a wonderful theoretical design that no one
> has deployed in a real network.
>
>   Alan DeKok.
>
>
>   




More information about the Freeradius-Users mailing list