SecurityServers

From
Revision as of 13:52, 10 April 2005 by 62.90.113.88 (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Radius is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.

The package includes an authentication and accounting server and some administrator tools.

  • Authentication Schemes

Radius supports a wide variety of authentication schemes. A user supplies his authentication data to the server either directly by answering the terminal server's login/password prompts, or using PAP or CHAP protocols. The server obtains the user's personal data from one of the following places:

  • System Database

The user's login and password are stored in /etc/passwd on the server, i.e. they are a "normal" UNIX user on the system. Internal Database The user's login ID, password etc. are stored in the internal radius database. The user's password is stored in encrypted form using either MD5 or DES hash, whichever is appropriate. Alternatively, a plaintext password can also be used if CHAP protocol is being used, CHAP usage is strongly discouraged for security reasons. SQL authentication User's details are stored in an SQL database. The database structure is fully determined by the system administrator, Radius does not restrict it in any way. See Interaction with SQL Servers. PAM authentication User is authenticated via PAM (Pluggable Authentication Service) framework. See the Linux PAM homepage for more details. Accounting Schemes Radius has three built-in accounting schemes:

  • Unix accounting

Accounting data are stored in radutmp/radwtmp files and can be viewed using radwho and radlast commands. Both commands are upward compatible with their Unix counterparts who and last. Detailed accounting The detailed accounting information is stored in plain text format. The resulting files can easily be parsed using standard text processing tools (grep, awk, etc.)

  • SQL accounting

Upon receiving accounting information Radius stores it in an SQL database. This can then be processed using standard SQL queries. Radius is extensible and new accounting methods can be added using the extension language.

Examples of Radius/AAA servers:

Free Radius server

Free Diameter server

Open Radius server

Comercial:

Aradial RADIUS Server

Hotspot RADIUS Server

See also: RadiusServers