Remote authentication dial-in user service server

Edit online

IBM®'s Remote Authentication Dial-In User Service (RADIUS) is a network access protocol designed to do authentication, authorization, and accounting. It is a port-based protocol that defines the communications between Network Access Servers (NAS) and authentication and accounting servers.

A NAS operates as a client of RADIUS. Transactions between the client and the RADIUS server are authenticated through the use of a shared secret, which is not sent over the network. Any user passwords sent between the client and the RADIUS server are encrypted.

The client is responsible for passing user information to designated RADIUS servers and then acting on the response that is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers when advanced proxy information is configured. RADIUS uses User Datagram Protocol (UDP) as the transport protocol.

The RADIUS authentication and authorization protocol is based on the IETF RFC 2865 standard. The server also provides the accounting protocol defined in RFC 2866. Other standards supported are RFC 2284 (EAP), parts of RFC 2869, the password expiration messages of RFC 2882, MD5-Challenge, and TLS. For more information on these RFCs, see the following links:

IETF RFC 2865: http://www.ietf.org/rfc/rfc2865.txt
RFC 2866: http://www.ietf.org/rfc/rfc2866.txt
RFC 2284: http://www.ietf.org/rfc/rfc2284.txt
RFC 2869: http://www.ietf.org/rfc/rfc2869.txt
RFC 2882: http://www.ietf.org/rfc/rfc2882.txt

You can also view all of these RFC standards at http://www.ietf.org.