Service Provisioning Using AAA (FreeRadius)

Russell Mike radius.sir at gmail.com
Wed Jun 5 17:18:04 CEST 2013


Dear Alan DeKok & John Dennis

Thanks for your input, words and clarification. Explanation was very good.
Moreover, good to have people like you on the list.
Regards
Prabhpal Singh


On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <aland at deployingradius.com>wrote:

> John Dennis wrote:
> > You're both right, now shake hands and make up :-) The problem with the
> > term authorization in radius is used in a non-standard way that leads to
> > confusion. The normal use of the term authorization (authz) indicates
> > what a principal is permitted to do and a principal must be validated
> > via authentication (authn) first. In radius authorization means
> > collecting information necessary to perform the authentication
> > operation. It's an unfortunate semantic difference that leads to a fair
> > amount of confusion (myself included), but after a while you get used to
> > it.
>
>   It was a historical mistake in FreeRADIUS which has been kept for too
> long.
>
>   After 3.0 is released, we'll transition to a naming scheme that's a
> little more complex, but much clearer.  The idea is that every packet
> has 3 stages:
>
>         recv = receive the packet
>         process = process the packet
>         send = send the reply
>
>   We can map the existing authorize / authenticate / etc. to these
> processing stages.  That change will be initially confusing, but will be
>  simpler.  It will also enable the server to do more protocols that are
> in the works. :)
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130605/8e89e4e4/attachment-0001.html>


More information about the Freeradius-Users mailing list