ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiy_5.4.0.1/rzaiyradiusovw.htm

74 lines
5.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="RADIUS overview" />
<meta name="abstract" content="Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol which provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network." />
<meta name="description" content="Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol which provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network." />
<meta name="DC.Relation" scheme="URI" content="rzaiysysauth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiyradiusexample.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiyradiusovw" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>RADIUS overview</title>
</head>
<body id="rzaiyradiusovw"><a name="rzaiyradiusovw"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">RADIUS overview</h1>
<div><p><dfn class="term">Remote Authentication Dial In User Service (RADIUS)</dfn> is
an Internet standard protocol which provides centralized authentication, accounting
and IP management services for remote access users in a distributed dial-up
network.</p>
<div class="section"><p>The RADIUS client-server model has a Network Access Server (NAS)
operating as a client to a RADIUS server. The iSeries™ Server, acting as the NAS, sends
user and connection information to a designated RADIUS server using the RADIUS
standard protocol defined in RFC 2865.</p>
</div>
<div class="section"><p>RADIUS servers act on received user connection requests by authenticating
the user and then returns all configuration information necessary, to the
NAS, so that the NAS (iSeries Server) can deliver authorized services to
the authenticated dial-in user.</p>
</div>
<div class="section"><p>If a RADIUS server cannot be reached, the iSeries server can route authentication
requests to an alternate server. This enables global enterprises to offer
their users a dial-in service with a unique login user ID for corporate wide
access, no matter what access point is being used.</p>
</div>
<div class="section"><p>When an authentication request is received by the RADIUS server,
the request is validated, then the RADIUS server decrypts the data packet
to access the user name and password information. The information is passed
onto the appropriate security system being supported. This might be UNIX<sup>®</sup> password
files, Kerberos, a commercial security system, or even a custom-developed
security system. The RADIUS server sends back to the iSeries server any services the authenticated
user is authorized to use, such as an IP address. RADIUS accounting requests
are handled in a similar manner. Remote user's accounting information can
be sent to a designated RADIUS accounting server. The RADIUS Accounting standard
protocol is defined in RFC 2866. The RADIUS accounting server acts on received
accounting requests by logging the information from the RADIUS accounting
request. </p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiysysauth.htm" title="PPP connections with an iSeries server support several options for authenticating both remote clients dialing in to the iSeries, and connections to an ISP or other server that the iSeries is dialing.">System authentication</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzaiyradiusexample.htm" title="A Network Access Server (NAS) running on the iSeries server can route authentication requests from dial-in clients to a separate RADIUS server. If authenticated, RADIUS can also control the IP addresses to the user.">Scenario: Authenticate dial-up connections with RADIUS NAS</a></div>
</div>
</div>
</body>
</html>