Service Provisioning Using AAA (FreeRadius)

Russell Mike radius.sir at
Wed Jun 5 17:18:04 CEST 2013

Dear Alan DeKok & John Dennis

Thanks for your input, words and clarification. Explanation was very good.
Moreover, good to have people like you on the list.
Prabhpal Singh

On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <aland at>wrote:

> John Dennis wrote:
> > You're both right, now shake hands and make up :-) The problem with the
> > term authorization in radius is used in a non-standard way that leads to
> > confusion. The normal use of the term authorization (authz) indicates
> > what a principal is permitted to do and a principal must be validated
> > via authentication (authn) first. In radius authorization means
> > collecting information necessary to perform the authentication
> > operation. It's an unfortunate semantic difference that leads to a fair
> > amount of confusion (myself included), but after a while you get used to
> > it.
>   It was a historical mistake in FreeRADIUS which has been kept for too
> long.
>   After 3.0 is released, we'll transition to a naming scheme that's a
> little more complex, but much clearer.  The idea is that every packet
> has 3 stages:
>         recv = receive the packet
>         process = process the packet
>         send = send the reply
>   We can map the existing authorize / authenticate / etc. to these
> processing stages.  That change will be initially confusing, but will be
>  simpler.  It will also enable the server to do more protocols that are
> in the works. :)
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list