Remote Authentication Dial-In User Service (RADIUS) is a client/server-based system that supports authentication, authorization, and accounting (AAA) services for remote user access while safeguarding the system from unauthorized access. RADIUS organizes a centralized user administration by keeping record of all user profiles in one location that all remote services have access to.
To validate a RADIUS server, user credentials are required. That information is encrypted and sent to the RADIUS server in an Access-Request packet. Once credentials are received, the RADIUS server accepts, rejects or challenges the information. If credentials are accepted, the RADIUS server sends an Access-Accept packet and the user is authenticated. If the credentials are rejected, the RADIUS server sends an Access-Reject packet. If the information is challenged, it sends an Access-Challenge packet that requests additional information from the user the RADIUS server will use for authentication.
For remote dial-up access, RADIUS also supports callback security where the server will terminate the connection and establish a new connection by dialing a predefined telephone number attached to the user’s modem. Callback security works as an extra layer of protection from unwarranted access over dial-up connections. Because of the success of RADIUS, DIAMETER was developed. An upgraded version of RADIUS, DIAMETER is designed for use on all methods of remote connectivity in addition to dial-up.