<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="RADIUS overview" />
<meta name="abstract" content="Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol which provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network." />
<meta name="description" content="Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol which provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network." />
<meta name="DC.Relation" scheme="URI" content="rzaiysysauth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiyradiusexample.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiyradiusovw" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>RADIUS overview</title>
</head>
<body id="rzaiyradiusovw"><a name="rzaiyradiusovw"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">RADIUS overview</h1>
<div><p><dfn class="term">Remote Authentication Dial In User Service (RADIUS)</dfn> is
an Internet standard protocol that provides centralized authentication, accounting,
and IP management services for remote access users in a distributed dial-up
network.</p>
<div class="section"><p>The RADIUS client-server model has a Network Access Server (NAS)
operating as a client to a RADIUS server. The iSeries™ Server, acting as the NAS, sends
user and connection information to a designated RADIUS server using the RADIUS
standard protocol defined in RFC 2865.</p>
</div>
<div class="section"><p>RADIUS servers act on received user connection requests by authenticating
the user and then returning all necessary configuration information to the
NAS, so that the NAS (iSeries Server) can deliver authorized services to
the authenticated dial-in user.</p>
</div>
<div class="section"><p>If a RADIUS server cannot be reached, the iSeries server can route authentication
requests to an alternate server. This enables global enterprises to offer
their users a dial-in service with a unique login user ID for corporate-wide
access, no matter what access point is being used.</p>
</div>
<div class="section"><p>When an authentication request is received by the RADIUS server,
the request is validated, then the RADIUS server decrypts the data packet
to access the user name and password information. The information is passed
on to the appropriate security system being supported. This might be UNIX<sup>®</sup> password
files, Kerberos, a commercial security system, or even a custom-developed
security system. The RADIUS server sends back to the iSeries server any services the authenticated
user is authorized to use, such as an IP address. RADIUS accounting requests
are handled in a similar manner. A remote user's accounting information can
be sent to a designated RADIUS accounting server. The RADIUS Accounting standard
protocol is defined in RFC 2866. The RADIUS accounting server acts on received
accounting requests by logging the information from the RADIUS accounting
request.</p>
</div>
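<div class="section"><p>Added example, not part of the original IBM topic: a Python walk-through of the Access-Request handling described above. In RFC 2865 it is the User-Password attribute that is hidden, by XOR with an MD5 keystream derived from the shared secret and the Request Authenticator, while User-Name travels in the clear. The secret, user name and password are constructed sample values, and the function names are this example's own.</p>

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1               # RFC 2865 packet code
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types
SECRET, USER, PASSWORD = b"shared-secret", b"dialin-user", b"correct horse battery"  # constructed

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: NUL-pad to 16-byte blocks, XOR with an MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    blocks = [authenticator]
    for i in range(0, len(padded), 16):
        blocks.append(_xor(padded[i:i + 16], hashlib.md5(secret + blocks[-1]).digest()))
    return b"".join(blocks[1:])

def recover_password(hidden, secret, authenticator):
    """Server side: each block's key is MD5(secret + previous ciphertext block)."""
    blocks = [authenticator] + [hidden[i:i + 16] for i in range(0, len(hidden), 16)]
    plain = b"".join(_xor(c, hashlib.md5(secret + p).digest())
                     for p, c in zip(blocks, blocks[1:]))
    return plain.rstrip(b"\x00")

def build_access_request(ident, user, password, secret):
    """NAS side: code, identifier, length, Request Authenticator, attributes."""
    authenticator = os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: validate the framing, then return (user, password)."""
    code, _ident, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\x00"))
    if code != ACCESS_REQUEST or length != len(packet) or length not in range(20, 4097):
        raise ValueError("malformed Access-Request")  # strict: trailing padding rejected
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos != length:
        alen = packet[pos + 1] if length - pos >= 2 else 0
        if alen not in range(2, length - pos + 1):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        raise ValueError("missing or malformed credentials")
    return attrs[USER_NAME], recover_password(hidden, secret, authenticator)
```

</div>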
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiysysauth.htm" title="PPP connections with an iSeries server support several options for authenticating both remote clients dialing in to the iSeries, and connections to an ISP or other server that the iSeries is dialing.">System authentication</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzaiyradiusexample.htm" title="A Network Access Server (NAS) running on the iSeries server can route authentication requests from dial-in clients to a separate RADIUS server. If authenticated, RADIUS can also control the IP addresses to the user.">Scenario: Authenticate dial-up connections with RADIUS NAS</a></div>
</div>
</div>
</body>
</html>