24-Dec-02 at 02:16, Frank Cusack ([EMAIL PROTECTED]) wrote :
> On Tue, Dec 24, 2002 at 09:46:31AM +0000, Simon White wrote:
> > It's just more complex than your average model of just authenticate then
> > authorize...
>
> That's being generous. It's not that it's more complex really, it's that
> FR is commingling authorize and authenticate, in large part due to certain
^^^^^
What a wonderful word - never heard it before, although it made sense -
and upon checking I find it is syntactically correct English.
> design weaknesses^Wdecisions of the RADIUS protocol itself.
Well that's true. A lot of people forget what RADIUS stands for on this
list. For the record:-
Remote Authentication Dial In User Service
i.e. NOT for SSH, telnet, etc. Cisco probably started that by allowing
you to use Radius for logging into routers.
> > maybe the section /should/ be called "preprocess" or
> > "check_auth_method" or something...
>
> preprocess is already used, but check_auth_method doesn't sound TOO shabby
> to me.
Well it's time for me to start commingling Christmas and my work
schedule. With a bit of luck I'll be out of the office a little early
today.
--
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
