"Scott Bartlett" <[EMAIL PROTECTED]> wrote:
> Despite trying to be constructive and give some input, especially with
> respect to helping out newbies who may not necessarily be UNIX
> programmers or gurus...

  and who are often unwilling to read the existing documentation and
source code to see why or how the server works...

> ... I got the answer I expected from you: crude, insulting, inaccurate
> and dismissive. Thanks.

  <shrug>  I get that complaint a lot when I try to educate people.

  Crude?  Maybe.  One acronym out of 3 messages.

  Insulting?  Nonsense.  I didn't call you names.

  Inaccurate?  Nonsense.  I understand the way the server works, and
described it accurately.


  Dismissive?  Absolutely.  You asked a question which comes up every
month or so on the list.  The issues are addressed in the existing
docs and source code, AND in the mailing list archives.  Did you look
at them before posting your question?  Nope.

  Now do you understand why my response was dismissive?

> (In brief: I wasn't commenting on *how* FreeRadius works - I think it's
> great - but just in some terminology/clarity, mostly as an aid to help
> users trying to get to grips with it. We're not all UNIX gods.)

  The existing documentation is as clear as we know how to make it,
given the time and effort limitations we've had.  If it isn't good
enough, suggest patches.

  The only problem is, that the patches must be vetted and approved
before going in.  You suggested alternative wording, and I disagreed
with it.  Sorry, but that happens.

> Compare my above 'adhoc' definition with the one below which you agree
> '100%' with: well, I read them basically the same.

  I don't.  That's the foundation of our miscommunication.

>  Despite the shortcomings of RADIUS (and I'm no expert here by any
> means) the rest of the world seems to agree from what I can
> tell. Why have you changed the meaning of pretty much standard
> terms?

  I haven't.  The terms have nuances that you're unaware of.  I'm
sorry I was trying to educate you as to those nuances, if that
education upset you.

> As for writing my own radius server: a nice practical tip that. Not. 

  <shrug>  It's an obvious way of discovering those nuances for
yourself.

  It's also a polite way of saying "If you don't understand how
something works, or with the definitions of the terms used, then don't
argue with how it works, or how those terms are defined."

>  I would add that if you're 'authorizing' users to use an
> 'authentication' method you're possibly making a mockery of the
> fall-through and default user features.

  I don't deny that the authorization stage is overloaded.  I've said
that repeatedly here on the list.

  But until we have a better alternative, the current method is as
good as it gets.  I've read your alternatives, and I disagree with
them.

> Off the top of my head (admittedly with little thought) how about:
> "answer: the server is bright enough to check each of the methods it has
> available (maybe to some admin-defined criteria or list) to try to
> identify (authenticate) then authorize the user".  There. Wasn't hard
> was it?  In fact, I think this applies to FreeRadius already. It's just
> a better way of saying it.

  That statement confuses me.  What of it I understand is wrong.

  The server does NOT "check each of the methods it has available for
authentication".  It looks at the request, at the local configuration,
and picks ONE authentication method.  It does NOT check each
authentication method.

  Yes, I'm being pedantic here.  But if the text used to describe how
the server works is wrong, then people will be even MORE confused.

> >  Again, nonsense.  Design a RADIUS server, and then see what stages
> >are required.
> 
> Thanks for the practical response.  I assume you also built your own
> house, grow your own food and smelted the ore and refined the fuel to
> build and run your own car. Oh, and wrote *all* the software on your own
> computer.

  No, but I also don't tell the people who built my house that they're
doing it wrong, and that the vocabulary they're using is wrong.

  That's what you're doing here, and you're *surprised* that my
response was as polite as it was?

> If my point is crap, tell me and tell me why.

  I did, and you got upset.  I guess I shouldn't make that mistake
again.

> Let's talk plain English here for a moment: people say things like "I'm
> authenticating my users against an SQL database". OK, so this phrase
> might be technically wrong, but I know what they mean, pretty clearly
> too. I think people use the word 'authenticate' because they're talking
> about the place which holds the passwords. They just do. Thus, if a user
> is 'authenticating against an SQL database' they come unstuck wondering
> why they put 'sql' in the 'authorize' section in radiusd.conf and not in
> the 'authenticate' section. That was the point I was trying to make -
> the users get confused over terminology, so would it be an idea to clear
> it up a bit.

  But the terminology is correct.  It's the users who are wrong.

  The solution isn't to do a Microsoft, and totally break everything
to make it "work" the way any random uneducated user expects.  The
solution is to do it RIGHT, and then to educate the users as to WHY
and HOW it's done right.

  This, I believe, is our main point of disagreement.  I want to see
it done right.  I want to sit on the list and educate people as to how
and why it's done right.

  You got upset when I tried to educate you, and suggested changing
the terminology to satisfy your expectations.

  I refused to go along with that suggestion, and will *always* refuse
to go along with any suggestion I disagree with.

  e.g. Your opinion that authentication and authorization are "kind of
all in one."  They're not, and never will be.

> Well, that's me put off trying to be helpful to this community... and I
> was desperately trying to find time to update those notes I wrote too...

  I'm sorry you're upset that I disagreed with you.  I will understand
if you refuse to give anything more to the FreeRADIUS project.

  But I'll still be on the list, answering questions (including
yours).  I'll still write more software that you will be free to use.

  That's another area where we differ, I guess.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
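
The two stages argued over in this message, as an added Python sketch (not FreeRADIUS code and not something posted in the thread): authorize-stage modules look up the user and nominate a single Auth-Type, and only that one authenticate method runs. The module functions, the `SQL_USERS` table and the sample requests are constructed for illustration; the attribute names follow the RADIUS/FreeRADIUS dictionary.

```python
import hashlib
import hmac

SQL_USERS = {"alice": "wonderland"}  # constructed stand-in for the SQL user table

# --- authorize stage: look the user up and nominate ONE Auth-Type ---
def authz_chap(request, control):
    if "CHAP-Password" in request:
        control.setdefault("Auth-Type", "CHAP")

def authz_sql(request, control):
    # "sql" here only fetches the stored password; it verifies nothing.
    password = SQL_USERS.get(request.get("User-Name"))
    if password is not None:
        control["Cleartext-Password"] = password

def authz_pap(request, control):
    if "User-Password" in request and "Cleartext-Password" in control:
        control.setdefault("Auth-Type", "PAP")

# --- authenticate stage: one verifier per Auth-Type ---
def authn_pap(request, control):
    return hmac.compare_digest(request["User-Password"].encode(),
                               control["Cleartext-Password"].encode())

def authn_chap(request, control):
    # RFC 1994 response: MD5(identifier || secret || challenge)
    ident, response = request["CHAP-Password"][:1], request["CHAP-Password"][1:]
    expected = hashlib.md5(ident + control["Cleartext-Password"].encode()
                           + request["CHAP-Challenge"]).digest()
    return hmac.compare_digest(response, expected)

AUTHORIZE = [authz_chap, authz_sql, authz_pap]
AUTHENTICATE = {"PAP": authn_pap, "CHAP": authn_chap}

def handle(request):
    """Return (reply, methods_tried); methods_tried never holds more than one entry."""
    control, tried = {}, []
    for module in AUTHORIZE:
        module(request, control)
    method = control.get("Auth-Type")
    if method not in AUTHENTICATE or "Cleartext-Password" not in control:
        return "Access-Reject", tried
    tried.append(method)
    ok = AUTHENTICATE[method](request, control)
    return ("Access-Accept" if ok else "Access-Reject"), tried

def chap_request(user, password, ident=b"\x01", challenge=b"constructed-chal"):
    response = hashlib.md5(ident + password.encode() + challenge).digest()
    return {"User-Name": user, "CHAP-Password": ident + response,
            "CHAP-Challenge": challenge}
```

A failed CHAP check is rejected outright rather than retried as PAP, which is the "picks ONE authentication method" behaviour described above.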
