
RADIUS: Remote Authentication Dial In User Service

RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. RADIUS also carries accounting information between a Network Access Server and a shared Accounting Server. RADIUS uses UDP as the transport protocol.

Key features of RADIUS are:

  • Client/Server Model: A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.
  • Network Security: Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone snooping on an insecure network could determine a user's password.
  • Flexible Authentication Mechanisms: The RADIUS server can support a variety of methods to authenticate a user. When it is provided with the user name and original password given by the user, it can support PPP PAP or CHAP, UNIX login, and other authentication mechanisms.
  • Extensible Protocol: All transactions consist of variable-length Attribute-Length-Value 3-tuples. New attribute values can be added without disturbing existing implementations of the protocol.

Protocol Structure

  0               8               16                             32
  +---------------+---------------+-------------------------------+
  |     Code      |  Identifier   |            Length             |
  +---------------+---------------+-------------------------------+
  |                   Authenticator (16 bytes)                    |
  +---------------------------------------------------------------+
  • Code - The message type, as follows:
    • 1 Access-Request
    • 2 Access-Accept
    • 3 Access-Reject
    • 4 Accounting-Request
    • 5 Accounting-Response
    • 11 Access-Challenge
    • 12 Status-Server (experimental)
    • 13 Status-Client (experimental)
    • 255 Reserved
  • Identifier - The identifier matches requests and replies.
  • Length - The message length including the header.
  • Authenticator - A 16-byte field used to authenticate the reply from the RADIUS server and as input to the password hiding algorithm.
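The header and attribute layout above, the Response Authenticator check, and the User-Password hiding that the Authenticator feeds into, as an added example (not code from the original page). It follows the RFC 2865 definitions; the shared secret, user name and Request Authenticator values are constructed for the demonstration.

```python
import hashlib, hmac, struct

def build_packet(code, ident, authenticator, attrs):
    # Header: Code(1) Identifier(1) Length(2) Authenticator(16), then Type-Length-Value AVPs.
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    # Parse the header and AVPs; every length must fit inside the packet's own Length field.
    code, ident, length = struct.unpack("!BBH", data[:4]) if len(data) >= 20 else (0, 0, 0)
    if length < 20 or length > len(data):
        raise ValueError("short packet or Length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return code, ident, data[4:20], attrs

def hide_password(password, secret, request_auth):
    # RFC 2865 5.2: pad to 16-byte blocks; XOR block i with MD5(secret + previous cipher block).
    pw = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(pw), 16):
        prev = bytes(x ^ y for x, y in zip(pw[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    # Server side of the same algorithm; the chain input is the previous *hidden* block.
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_auth(reply, request_auth, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    return hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()

def verify_reply(reply, request_auth, secret):
    # NAS-side check: only a holder of the shared secret can produce a matching authenticator.
    return hmac.compare_digest(response_auth(reply, request_auth, secret), reply[4:20])

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator; real clients use random bytes
    req = build_packet(1, 7, ra, [(1, b"alice"), (2, hide_password(b"pw", b"s3cret", ra))])
    print(parse_packet(req))
```

A reply whose Response Authenticator does not verify, or a packet whose Length or attribute lengths do not fit, should be dropped silently by the NAS rather than acted upon.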

Related protocols: UDP, CHAP, RAP

Sponsor Source: RADIUS is defined by the IETF (http://www.ietf.org) in RFC 2865 and RFC 2866.

Reference:
http://www.javvin.com/protocol/rfc2865.pdf : RFC 2865, Remote Authentication Dial In User Service (RADIUS).
http://www.javvin.com/protocol/rfc2866.pdf : RFC 2866, RADIUS Accounting.
