On Sun, 2007-09-02 at 15:36 +0100, George Beitis wrote: > Hi everyone, > I have a general question regarding Authorization in the RADIUS protocol > and how it is implemented in freeradius. What does the RADIUS protocol > refer to when it talks about Authorization, does it actually refer to > users being probably authorized after being authenticated, using the > protocol? Are there RADIUS specific attributes that are for > authorization? (not authentication). There are ways of implementing > authorization into freeradius, but do those simply overwrite the > authentication decision? DIAMETER provides such authorization messeges > from my understanding but the RADIUS protocol does not talk about any, > is this correct? >
As far as I understand, Radius is not a AAA server in the way you put it. Radius Authenticates, Accounts and sends Authorization configuration information to the NAS, which implements the Authorization. Radius does not enforce or restrict anything the NAS is not configured to perform, and can in fact the Authentication and Authorization can be overridden by the local configuration on the NAS or requesting Radius Proxy if in use. > thank you very much > > regards > George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
