Chapter 6. Remote Access Dial-In User Service (RADIUS)

In our treatment of authentication models in Chapter 2, we mentioned that people gradually realized that, to handle client authentication in large networks, it is more practical to have back-end authentication servers that offload the network's front-end point of attachment. Later on, these back-end authentication servers became full-blown AAA servers that use specific AAA protocols and handle not only authentication but also authorization and accounting. The most widespread AAA protocol today is Remote Access Dial-In User Service (RADIUS).

RADIUS was originally designed to allow a NAS to forward a dial-up user's request and credentials to a back-end server (the three-party authentication model described in Chapter 2). The Access-Request/Access-Challenge message structure in RADIUS attests to the fact that RADIUS was originally designed to accommodate PAP and CHAP. However, due to its extensible nature, RADIUS is able to support more complex EAP authentication methods through its support for EAP. Furthermore, RADIUS was later extended to provide authorization and accounting procedures.

In this chapter we intend to provide an overview of IETF RADIUS specifications. We will provide some highlights of current work in progress in extending RADIUS. In later chapters, such as Chapters 8 and 10, we will provide more examples of the usage of RADIUS in conjunction with Mobile IP and various EAP authentication ...
