RADIUS is a protocol that enables a single server to become responsible for all remote access authentication, authorization, and auditing (or accounting) services.
RADIUS functions as a client/server system.
The remote user dials in or connects to, the remote access server, which acts as a RADIUS client, or network access server (NAS), and connects to a RADIUS server.
The RADIUS server performs authentication, authorization, and auditing (or accounting) functions and returns the information to the RADIUS client (which is remote access server running RADIUS client software); the connection is either established or rejected based on the information received.
- RFC 2865 and RFC 2866 for RADIUS accounting
- Very flexible and open ended.
- Handles passwords, logins, etc. – lots of extensions
- Uses UDP at the Transport Layer
RADIUS devices on different networks can communicate about authority for users to proceed. Sharing users details with foreign network is bad news – so avoid it.