Figure 4: The exchange of RADIUS messages.
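The CHAP case of the exchange in Figure 4, as an added example that is not part of the original text: the Access-Request a NAS forwards once the user has answered, and the check the RADIUS server runs on it. The attribute layout follows RFC 2865 and the hash follows RFC 1994; the function names, the user table and the sample credentials are constructed for illustration.

```python
import hashlib, hmac, os, struct

USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60  # RFC 2865 attribute types
ACCESS_REQUEST = 1
USERS = {b"alice": b"correct horse"}  # constructed sample user table

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5 over CHAP identifier || password || challenge
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(pkt_id, user, chap_id, challenge, response) -> bytes:
    """Packet the NAS sends to the RADIUS server; the password never appears."""
    attrs = (attr(USER_NAME, user)
             + attr(CHAP_PASSWORD, bytes([chap_id]) + response)
             + attr(CHAP_CHALLENGE, challenge))
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    return header + os.urandom(16) + attrs  # 16-octet Request Authenticator

def parse_attributes(packet: bytes) -> dict:
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or not 2 <= packet[pos + 1] <= length - pos:
            raise ValueError("bad attribute length")
        alen = packet[pos + 1]
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def server_verify(packet: bytes, user_db: dict) -> bool:
    """Recompute the CHAP hash from the stored password and compare."""
    attrs = parse_attributes(packet)
    chap = attrs.get(CHAP_PASSWORD, b"")
    password = user_db.get(attrs.get(USER_NAME))
    if len(chap) != 17 or password is None:
        return False
    # With no CHAP-Challenge attribute, the Request Authenticator is the challenge
    challenge = attrs.get(CHAP_CHALLENGE, packet[4:20])
    return hmac.compare_digest(chap_response(chap[0], password, challenge), chap[1:])

if __name__ == "__main__":
    challenge = os.urandom(16)  # the random number shown to the user
    pkt = build_access_request(1, b"alice", 7, challenge,
                               chap_response(7, b"correct horse", challenge))
    print(server_verify(pkt, USERS))
```

A response captured for one challenge fails verification against any other challenge, which is why the random number must be fresh for every login.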
It is presented to the user as a random number, which should be
encrypted, and the result of the encryption should be retransmitted to the
server. The server receives this message and examines it; if all is in
order, it sends an access message to the client. The RADIUS protocol goes
beyond authentication support, as the granting message contains
configuration information, such as PPP, user login and so on. The RADIUS
node provides all the information necessary to support the session on a
network, e.g. an IP address for the session, compression services, the
maximum transmission unit (MTU) and so on. The NAS client can support the
PAP and CHAP protocols. In this case, the NAS sends the client ID and
password in the message asking for access (specifically in the user-name
and password fields of the message). When the CHAP protocol is used, the
NAS client generates a response and sends it to the user. According to the
rules of the CHAP protocol, the user responds with IP CHAP and CHAP
username. At this point the NAS client sends the access-request message,
containing the CHAP information, to the RADIUS server. The RADIUS server
uses the UDP protocol, since if the first authentication to a server fails,
it must be conducted on a secondary server. UDP also simplifies the use of
multi-threading (where the user request generates several processes to reduce the
