George Beitis wrote: > I have a general question regarding Authorization in the RADIUS protocol > and how it is implemented in freeradius. What does the RADIUS protocol > refer to when it talks about Authorization, does it actually refer to > users being probably authorized after being authenticated, using the > protocol?
I guess. It's not really clear. i.e. No one knows... > Are there RADIUS specific attributes that are for > authorization? (not authentication). Most of them? The authentication attributes are User-Password, CHAP-Password, EAP-Message... and not much else. Most everything else are authorization related. > There are ways of implementing > authorization into freeradius, but do those simply overwrite the > authentication decision? I have no idea what you mean by that. > DIAMETER provides such authorization messeges > from my understanding but the RADIUS protocol does not talk about any, > is this correct? Diameter is useless. It's a wonderful theoretical design that no one has deployed in a real network. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html