Alan DeKok wrote:
5.) Authorization is even if a password is correct, the user may not
use/do something - correct?
Yes.
Strictly speaking, during the authorisation section of the FR config,
you haven't determined the password is correct yet. You don't need me to
tell you this of course - the reason I mention it is that I was under
the impression the OP was thinking in terms of the more common
definition where the flow is authen->authz->acct.
Of course in Radius (and thus FR) the order of authz and authn is not
that important since the authen algorithm (the only commonly important
input to authz aside from OK/NO) is known at request time (except in EAP
I guess).
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- Re: General question about authentication/authorization Phil Mayers
-
