Edgar Fuß
2011-11-23 12:34:08 UTC
A probably simple question I could not find explained in the FAQ or the Concepts section:
Given that Authentication is proving who I am and Authorization is checking what I'm allowed to do, I naively would have expected a RADIUS server to first authenticate me an then check my authorization.
Surely for a reason, what FreeRADIUS does is the other way round: first try all authorization modules and then use one authentication module.
I hope I got this right.
I would like to be pointed to a document explaining the rationale behind this. It's probably obvious to anyone familiar with the matter, but that doesn't include me.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Given that Authentication is proving who I am and Authorization is checking what I'm allowed to do, I naively would have expected a RADIUS server to first authenticate me an then check my authorization.
Surely for a reason, what FreeRADIUS does is the other way round: first try all authorization modules and then use one authentication module.
I hope I got this right.
I would like to be pointed to a document explaining the rationale behind this. It's probably obvious to anyone familiar with the matter, but that doesn't include me.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html