Why Authorization before Authentication?

Edgar Fuß ef at math.uni-bonn.de
Wed Nov 23 13:34:08 CET 2011

A probably simple question I could not find explained in the FAQ or the Concepts section:

Given that Authentication is proving who I am and Authorization is checking what I'm allowed to do, I naively would have expected a RADIUS server to first authenticate me an then check my authorization.
Surely for a reason, what FreeRADIUS does is the other way round: first try all authorization modules and then use one authentication module.
I hope I got this right.
I would like to be pointed to a document explaining the rationale behind this. It's probably obvious to anyone familiar with the matter, but that doesn't include me.


More information about the Freeradius-Users mailing list