RADIUS by

Authentication is the process of verifying a person’s (or machine’s) declared identity. You’re familiar with the most common form of authentication, using a combination of logon ID and a password, in which the knowledge of the password is a representation that the user is authentic. Distributing the password, however, destroys this method of authenticating, which prompted creators of e-commerce sites and other Internet-business transactors to require a stronger, more reliable authenticator. Digital certificates are one of the solutions here, and over the next five to ten years it’s likely that using digital certificates as a part of the public key infrastructure (PKI) will become the preferred authenticator on the Internet.

The key aspect of authentication is that it allows two unique objects to form a trust relationship—both are assumed to be valid users. Trust between systems allows for such key functionality as proxy servers, in which a system grants a request on behalf of another system and allows AAA implementations to span heterogeneous networks supporting different types of clients and services. Trust relationships can become quite complex, and I’ll talk more about them in a later section.