Radius - PowerPoint PPT Presentation

About This Presentation
Title:

Radius

Description:

Radius Dave Grizzanti Steve Curti What is RADIUS? Remote Authentication Dial-In User Service (RADIUS) is a protocol for remote user authentication and accounting. – PowerPoint PPT presentation

Slides: 11
Provided by: Regis231

Transcript and Presenter's Notes

Title: Radius


1
Radius
  • Dave Grizzanti
  • Steve Curti

2
What is RADIUS?
  • Remote Authentication Dial-In User Service
    (RADIUS) is a protocol for remote user
    authentication and accounting.
  • Its primary use is for Internet Service
    Providers to authenticate username and passwords,
    though it may as well be used on any network that
    needs a centralized authentication and/or
    accounting service for its workstations.

3
Why use Radius?
  • Embedded systems generally cannot deal with a
    large number of users with distinct
    authentication information. This requires more
    storage than many embedded systems possess.
  • RADIUS facilitates centralized user
    administration, which is important for several of
    these applications. Many ISPs have tens of
    thousands, hundreds of thousands, or even
    millions of users. Users are added and deleted
    continuously throughout the day, and user
    authentication information changes constantly.
  • RADIUS consistently provides some level of
    protection against a sniffing, active attacker.
    Other remote authentication protocols provide
    either intermittent protection, inadequate
    protection or non-existent protection.
  • RADIUS support is nearly omnipresent. Other
    remote authentication protocols do not have
    consistent support from hardware vendors, whereas
    RADIUS is uniformly supported. RADIUS is
    exclusive to its own protocol.

4
Protocol
  • Code - An octet containing the RADIUS
    command/response.
  • Identifier - An octet used to match the command
    and response.
  • Length - The length of the packet (2 octets).
  • Authenticator - A value used to authenticate the
    reply from the RADIUS server; it is also used in
    the password hiding algorithm.
  • Attributes - The data belonging to the command or
    response.

5
Protocol
  • RADIUS communication uses the request-response
    paradigm: requests are issued by the client and
    sent to the server, and responses are issued by
    the server and sent to the client. Possible
    request-response pairs are:
  • access-request, (client->server), requests access
    for a user with certain services. The possible
    responses to this command are:
      • access-accept, (server->client), positive
        response to an access-request from a client.
      • access-reject, (server->client), negative
        response to an access-request from a client.
      • access-challenge, (server->client), response to
        an access-request, where the server expects a
        response from the client encapsulated in an
        access-request.
  • accounting request, (client->server), request to
    store the accounting data within the packet on the
    server. The response to this command is:
      • accounting response, (server->client), response
        to the client when the accounting data has
        successfully been stored on the server.

6
RADIUS Diagram

7
Sequence Diagram

8
Sequence Diagram
  1. The Network Access Server gets the
    username/password pair from the remote user,
    encrypts this information with a shared secret key
    and sends it with an 'Access-request' to the
    RADIUS Server (Authentication phase).
  2. When the user and password combination is valid,
    the RADIUS Server sends an 'Access-accept'
    with extra information (for example IP address,
    network mask, allowed session time, etc.) to the
    Network Access Server (Authorization phase).
  3. The Network Access Server sends an
    'Accounting-request (start)' to indicate that the
    user is logged onto the network (Accounting
    phase).
  4. The RADIUS Server responds with an
    'Accounting-response' when the accounting
    information is stored.

9
Sequence Diagram
  • When a user logs out, the Network Access
    Server will send an 'Accounting-request (Stop)'
    with the following information:
      • Delay time, the time it has been trying to
        send this message.
      • Input octets, the number of octets received by
        the user.
      • Output octets, the number of octets sent by the
        user.
      • Session time, the number of seconds the user
        was logged on.
      • Input packets, the number of packets received
        by the user.
      • Output packets, the number of packets sent by
        the user.
      • Reason, the reason why the user was
        disconnected from the network.
  • The RADIUS Server responds with an
    'Accounting-response' when the accounting
    information is stored.

10
Setup
  • Downloaded the FreeRADIUS tarball from
    freeradius.org.
  • After installation, edited the configuration files:
      • clients.conf
      • users