George Beitis wrote: > thank you for your reply. I am writing up a part of my dissertation and > I 'm referring to freeradius and the RADIUS protocol trying to explain > how it works.
By accident, mostly. Like many practical systems, it was built to do something first, and to have theoretical rigor second. > From my research most people who use RADIUS for > authentication purposes. Noone gives a clear image of whether or not > they use it for authorization once they established authentication, so > in other words authentication and authorization become one the same. If the user hasn't been authenticated, he's likely not authorized to do anything. So yes, an "authentication succeeded" message most often includes statements of "you are authorized to do X, Y, and Z". > Do > you know of any products that can be used with freeradius to provide > such authorization facilities? Using perhaps policies? FreeRADIUS *does* implement policies which provide authorization facilities. Perhaps you meant to ask another question? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html