Remote Authentication Dial In User Service (RADIUS) is a networking protocol that handles authentication, authorization and accounting (AAA) between a client and a network service. This means that the protocol determines whether a client is legitimate, determines what access that client has and then monitors that client while it is connected to the network. In most cases, a user will have no control over the RADIUS protocol running on their computer, and the server operators have very little control over theirs. The entire process is automatic when used.
The RADIUS protocol is typically found on large systems with non-trusting users, or used when moving between networks of non-trusting users. In networking, two computers establish trust with one another to facilitate communication. When two computers trust each other, they can send information back and forth with little additional overhead. When they are non-trusting, several stages of authentication and verification are used at every step of the communication.
Non-trusting systems and users are more common on the Internet than any other place. Inside an office building, school or home, the computers trust one another and communication is very easy. On the Internet, several computers may need to log into the same machine at the same time. These computers may trust the machine they log into, but they do not trust one another. This circumstance is especially common on an Internet service provider’s (ISP) server when a local machine grabs domain information or email.
When two different ISPs need to send information back and forth from their respective areas, there is rarely any trust. These large non-trusting systems use the RADIUS protocol to keep everything operating smoothly, without having to constantly verify the activity of the non-trusted system. The protocol handles the entire process through AAA.
Authentication is the first step used by RADIUS. This step verifies that the non-trusted computer or system is who it says it is. There are a handful of ways to do this, but individual users typically provide user information and large systems provide security certificates.
The next step in the RADIUS protocol is authorization. The main point of this step is determining the parameters by which the two non-trusting systems may communicate. This tells the connecting system exactly what it can and cannot do and how long it may stay connected.
RADIUS’s last step is accounting. This step has a twofold purpose. First, it tells the host system exactly what the connected system is doing through periodic messages. Second, it sends information containing the exact time the connection opened and the exact time it closed. This is typically done for billing purposes between network holders.
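
To make the three AAA steps concrete, the following added example (not part of the original article) parses constructed RADIUS packets using the header and attribute layout defined in RFC 2865 and RFC 2866. The user name, session ID and timer values are made up, and the zeroed authenticator means these packets would not be accepted by a real server.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
# Attribute type -> (name, kind); type numbers from RFC 2865 / RFC 2866
ATTRS = {1: ("User-Name", "text"), 27: ("Session-Timeout", "int"), 40: ("Acct-Status-Type", "int"),
         44: ("Acct-Session-Id", "text"), 46: ("Acct-Session-Time", "int")}
ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_packet(data: bytes) -> dict:
    """Decode one RADIUS packet, rejecting inconsistent length fields."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("header length field does not match the data")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = data[pos + 2:pos + a_len]
        name, kind = ATTRS.get(a_type, (f"Attr-{a_type}", "raw"))
        if kind == "int":
            value = int.from_bytes(value, "big")
        elif kind == "text":
            value = value.decode("utf-8", "replace")
        if name == "Acct-Status-Type":
            value = ACCT_STATUS.get(value, "Unknown")
        attrs[name] = value
        pos += a_len
    return {"code": CODES.get(code, f"Code-{code}"), "id": ident, "attrs": attrs}

def build(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet with a zeroed 16-byte authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples, one per AAA step (all values are made up)
SAMPLES = [
    build(1, 7, [(1, b"alice")]),                                 # authentication
    build(2, 7, [(27, struct.pack("!I", 3600))]),                 # authorization: time limit
    build(4, 8, [(40, struct.pack("!I", 1)), (44, b"sess-01")]),  # accounting: start
    build(4, 9, [(40, struct.pack("!I", 2)), (44, b"sess-01"), (46, struct.pack("!I", 1800))]),
]

for pkt in SAMPLES:
    print(parse_packet(pkt))
```

The length checks matter because RADIUS usually arrives over UDP from systems that are not trusted: a parser that believes the attribute length byte without bounding it against the packet length will read past the data it was given.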