RADIUS
RADIUS (Remote Authentication Dial In User Service) is an Authentication, Authorization and Accounting (AAA) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
When you connect to an ISP using a modem, DSL, cable or wireless connection, you must enter your username and password. This information is passed to a NAS device over the PPP protocol, then to a RADIUS server over the RADIUS protocol. The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. If accepted, the server will then authorize access to the ISP system and select an IP address, L2TP parameters, etc.
The RADIUS server is also notified when the session starts and stops, so that the user can be billed accordingly or the data can be used for statistical purposes.
RADIUS was originally developed by Livingston Enterprises for their PortMaster series of Network Access Servers, but was later (1997) published as RFC 2138 and RFC 2139. Now, several commercial and open-source RADIUS servers exist. Features can vary, but most can look up the users in text files, LDAP servers, various databases, etc. Accounting tickets can be written to text files, various databases, forwarded to external servers, etc. SNMP is often used for remote monitoring. RADIUS proxy servers are used for centralized administration and can rewrite RADIUS packets on the fly (for security reasons, or to convert between vendor dialects).
RADIUS is extensible; most vendors of RADIUS hardware and software implement their own dialects.
The DIAMETER protocol is the planned replacement for RADIUS, but it remains backwards compatible.
Standards
The RADIUS protocol is currently defined in RFC 2865 (authentication and authorization) and RFC 2866 (accounting). Other relevant RFCs are RFC 2548, RFC 2607, RFC 2618, RFC 2619, RFC 2620, RFC 2621, RFC 2809, RFC 2867, RFC 2868, RFC 2869, RFC 2882, RFC 3162 and RFC 3576.
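The NAS-to-server leg of a PAP login as laid out in RFC 2865, as an added Python example that is not part of the original article: the NAS hides the User-Password with MD5 and the shared secret, the server recovers it and signs its reply with the Response Authenticator, and the NAS verifies that reply. The function names, the `users` table holding clear-text passwords and the fixed 20-byte attribute-less reply are assumptions of this example.

```python
import hashlib, hmac, os, struct  # helper names below are this example's own

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def xor_password(data, secret, req_auth, hide):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous hidden block)."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out, prev = out + block, block if hide else data[i:i + 16]
    return out

def build_access_request(ident, user, password, secret, req_auth=None):  # NAS side
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    req_auth = req_auth or os.urandom(16)  # Request Authenticator: unpredictable
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, xor_password(padded, secret, req_auth, True))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_packet(data):  # -> (code, identifier, authenticator, {type: value})
    if len(data) < 20 or not 20 <= int.from_bytes(data[2:4], "big") <= len(data):
        raise ValueError("bad packet length")
    code, ident, length = struct.unpack("!BBH", data[:4])
    attrs, pos = {}, 20
    while pos < length:
        alen = data[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[data[pos]] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, data[4:20], attrs

def server_reply(request, secret, users):  # server side: check PAP, sign the reply
    code, ident, req_auth, attrs = parse_packet(request)
    clear = xor_password(attrs.get(USER_PASSWORD, b""), secret, req_auth, False).rstrip(b"\x00")
    known = users.get(attrs.get(USER_NAME, b""))
    ok = code == ACCESS_REQUEST and known is not None and hmac.compare_digest(clear, known)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply, ident, req_auth, secret):  # NAS side
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return len(reply) >= 20 and reply[1] == ident and hmac.compare_digest(expected, reply[4:20])
```

Both the password hiding and the reply check rest on MD5 and the secret shared between the NAS and the server, so that secret should be long, random and unique per device.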
Examples of RADIUS software
- Radius (http://www.gnu.org/software/radius/radius.html)
- FreeRADIUS (http://www.freeradius.org/)
- OpenRADIUS (http://www.xs4all.nl/~evbergen/openradius/)
- Cistron RADIUS (http://www.radius.cistron.nl/)
- Aradial RADIUS (http://www.aradial.com/)
- Radiator (http://www.open.com.au/radiator/)
- Steel-Belted Radius (http://www.funk.com/radius/default.asp)
- RADIUS implementation for Windows 2000 (http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_rap_intro.htm)
- RadiusNT & RadiusX (http://www.iea-software.com/products/radius5.cfm)
External links
- An Analysis of the RADIUS Authentication Protocol (http://www.untruth.org/~josh/security/radius/radius-auth.html)
- List of RADIUS attributes (http://www.freeradius.org/rfc/attributes.html)