Authorization in RADIUS, Authorization in freeradius

Alan DeKok aland at deployingradius.com
Sun Sep 2 18:59:18 CEST 2007


George Beitis wrote:
> thank you for your reply.  I am writing up a part of my dissertation and
> I 'm referring to freeradius and the RADIUS protocol trying to explain
> how it works.

  By accident, mostly.  Like many practical systems, it was built to do
something first, and to have theoretical rigor second.

>  From my research most people who use RADIUS for
> authentication purposes.  Noone gives a clear image of whether or not
> they use it for authorization once they established authentication, so
> in other words authentication and authorization become one the same.

  If the user hasn't been authenticated, he's likely not authorized to
do anything.  So yes, an "authentication succeeded" message most often
includes statements of "you are authorized to do X, Y, and Z".

>  Do
> you know of any products that can be used with freeradius to provide
> such authorization facilities?  Using perhaps policies?

  FreeRADIUS *does* implement policies which provide authorization
facilities.

  Perhaps you meant to ask another question?

  Alan DeKok.



More information about the Freeradius-Users mailing list