
Remote Authentication Dial In User Service

A client-server protocol that enables centralized management of user authentication and access control across various network services.

When RADIUS is used, all three members of the AAA triad (authentication, authorization, and accounting) must be implemented with it. Accounting can be spread across different servers, but authentication and authorization must be managed on the same server.

Features

  • Supports PPP, CHAP, and PAP.
  • Uses a challenge-response method for authentication.
  • Doesn't transmit passwords in cleartext.
  • Uses a shared secret between the client and server.
  • Passwords are hashed before transmission and encrypted with MD5, the only algorithm used.
  • Uses 1812/udp and 1813/udp, which are vulnerable to buffer overflow attacks.
  • Often includes vendor/implementation specific extensions, which may not be compatible across different vendors.