> > The FreeRADIUS authorization process retrieves the > attribute information needed to perform the authentication > process. IE, retrieving a password, setting the auth-type > to use CHAP, PAP, EAP, etc. You can't authenticate the user > until you know how you are supposed to authenticate them. That > means pulling the password info. > > The authorization information is *not* sent back to the NAS > unless the users is successfully authenticated, so there is > no exposure of info ( unless very poorly configured ). Why > do two lookups ( one to get password, one to get author info ) > when you can do one lookup to get all info? >
Hi, so the "authorization" in the FreeRadius means "gather the information for authentication", am I right? In the usual concept, the authorization means "I know who you are, then I give you your rights (or privileges)", like how long you can access the network. So the "authorization" in the FreeRadius is different from the usual concept. If I am not correct, please correct me, thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
