"Vic Abell" <[EMAIL PROTECTED]> wrote:
> During development one thing struck me as odd:
> authorization checks are done before the entity being
> authorized is authenticated.

  Yes, by design and intent.

> It's been my experience that before an entity is
> authorized it should be asked to prove itself via
> authentication.
> 
> Why does the Radius protocol reverse the order of
> authentication and authorization?

  It's not the RADIUS protocol doing that, it's the implementation.

  The issue is that one of the authorization parameters is which
authentication methods you are allowed to use.  So the control flow
should really go like:

  authorize which authentication type
  do authentication
  if authenticated, give additional authorization.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
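
The three-step control flow described above, as an added example that is not part of the original message and is not FreeRADIUS code: a small Python model in which the permitted authentication type is decided first, credentials are verified second, and reply attributes are released only after that. The user table, function names and attribute values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample policy. The permitted authentication method is itself an
# authorization parameter, so it has to be looked up before authenticating.
USERS = {
    "alice": {"allowed_auth": {"pap"}, "secret": "correct horse",
              "reply": {"Session-Timeout": 3600}},
    "bob": {"allowed_auth": {"chap"}, "secret": "hunter2",
            "reply": {"Session-Timeout": 600}},
}

def authorize(username, offered_method):
    """Step 1: authorize which authentication type may be used."""
    user = USERS.get(username)
    if user is None or offered_method not in user["allowed_auth"]:
        return None  # unknown user, or method not permitted by policy
    return offered_method

def chap_response(chap_id, secret, challenge):
    """CHAP response as defined in RFC 1994: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret.encode() + challenge).digest()

def authenticate(username, auth_type, creds):
    """Step 2: verify credentials with the method chosen in step 1."""
    secret = USERS[username]["secret"]
    if auth_type == "pap":
        offered = creds.get("password", "").encode()
        return hmac.compare_digest(offered, secret.encode())
    if auth_type == "chap":
        expected = chap_response(creds.get("id", 0), secret,
                                 creds.get("challenge", b""))
        return hmac.compare_digest(creds.get("response", b""), expected)
    return False

def handle_request(username, offered_method, creds):
    auth_type = authorize(username, offered_method)
    if auth_type is None:
        return ("Access-Reject", {})  # rejected before credentials are checked
    if not authenticate(username, auth_type, creds):
        return ("Access-Reject", {})
    # Step 3: only an authenticated user receives additional authorization.
    return ("Access-Accept", dict(USERS[username]["reply"]))
```

In this model bob is rejected when he offers PAP even with the correct password, because his policy permits only CHAP; that decision can only be made if the authorization lookup runs before authentication.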
