On Tue, Dec 24, 2002 at 09:35:02AM -0000, Scott Bartlett wrote: > In FR 0.8, the file /docs/aaa.txt describes 'authorization' and > 'authentication' from FreeRadius' point of view and process. [...] > My reading of /docs/aaa.txt - which is very FreeRadius specific and > detailed - gives me the impression that FreeRadius doesn't seem follow > that analogy (at least linguistically speaking, if not technically too) > and has possibly left me more confused than before as to what FreeRadius > is actually doing when and why. Not that I really need to know (hey, it > works for me!), but I'm curious. I'm cool with what /docs/aaa.txt is > telling me FreeRadius actually does - I'm just not feeling comfortable > with the uses of the words 'authenticate' and 'authorize' in there. [...] > Is this just me (am I on the wrong track here?)? If I'm still a bit > confused having been a user of FreeRadius for over a year, I'm a bit > worried about new users having a hard time of it...
Yes, freeradius' use of the term 'authorization' is bad. Somebody should fix it up someday. Part of the problem is that the RADIUS protocol does not have a real distinction between authentication and authorization (cf. TACACS+). This has led to freeradius' ill-considered overloading of the term. That said (I feel your pain), once you know what 'authorization' means for freeradius, life goes on. :-) /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
