On 06/05/2013 05:29 AM, Prabhpal S. Mavi wrote:
Am Dienstag, 4. Juni 2013, 10:45:01 schrieb Russell Mike:
Hi List
After googling for few days still not so much clear. Therefore, i have
decided to implement three *"A"* in three different steps. For now, i
only
want to use Authorize function of FR. i do not want authentication &
Accounting BUT authorization.
No. How can you authorize somebody without beeing sure who that user is. Only
authentication provides that information. So you need authentication and
authorization.
Hello MS.
I do not agree to your response.
Authorization is a process where information in a request is evaluated.
This information may be used to validate against information about the
user that was obtained from file, database, or LDAP directory.
Authorization happens before authentication
and does not involve the checking of a password. We can use various logic
and comparisons to determine if a user is authorized to connect to a
network. i look forward be hear back....
You're both right, now shake hands and make up :-) The problem with the
term authorization in radius is used in a non-standard way that leads to
confusion. The normal use of the term authorization (authz) indicates
what a principal is permitted to do and a principal must be validated
via authentication (authn) first. In radius authorization means
collecting information necessary to perform the authentication
operation. It's an unfortunate semantic difference that leads to a fair
amount of confusion (myself included), but after a while you get used to it.
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
