Service Provisioning Using AAA (FreeRadius)
Russell Mike
radius.sir at gmail.com
Wed Jun 5 17:54:17 CEST 2013
Hi John & Alan, Kindly clarify
Does this means, it is posible to use only authorize function of FR and
process all authentication requests with following virtual server?
1.
server accept_all_requests {
authorize {
update control {
Auth-Type := "Accept"
}
}
}
Thanks / Regards
--RM
On Wed, Jun 5, 2013 at 1:34 PM, Alan DeKok <aland at deployingradius.com>wrote:
> John Dennis wrote:
> > You're both right, now shake hands and make up :-) The problem with the
> > term authorization in radius is used in a non-standard way that leads to
> > confusion. The normal use of the term authorization (authz) indicates
> > what a principal is permitted to do and a principal must be validated
> > via authentication (authn) first. In radius authorization means
> > collecting information necessary to perform the authentication
> > operation. It's an unfortunate semantic difference that leads to a fair
> > amount of confusion (myself included), but after a while you get used to
> > it.
>
> It was a historical mistake in FreeRADIUS which has been kept for too
> long.
>
> After 3.0 is released, we'll transition to a naming scheme that's a
> little more complex, but much clearer. The idea is that every packet
> has 3 stages:
>
> recv = receive the packet
> process = process the packet
> send = send the reply
>
> We can map the existing authorize / authenticate / etc. to these
> processing stages. That change will be initially confusing, but will be
> simpler. It will also enable the server to do more protocols that are
> in the works. :)
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130605/6fd7eb66/attachment.html>
More information about the Freeradius-Users
mailing list