RADIUS

Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol
that allows users to dial into an environment and authenticate over a PPP
or SLIP connection. The components that are typically involved are a modem
pool, an access server, and a RADIUS server. Users dial into the modem pool,
which is connected to an access server. The access server prompts the user for
credentials and then passes this information on to the RADIUS server. The
RADIUS server compares the credentials to its user database and then authenticates
authorized users. This process is shown in Figure 2-8.
The user is a client to the access server and the access server is a client to the
RADIUS server. The access server just works as a middleman between the user
and RADIUS server.When a user is authenticated, the RADIUS server may send
connection requirements to the access server, as in a requirement to set up a virtual
private network (VPN) or an allotted amount of bandwidth users can use
during connections.

This technology allows users to use a local ISP to connect to a corporate network
instead of enduring long-distance phone calls. It also allows for centralized
control, in that the administrator configures the RADIUS server to dictate who
is granted access and to what extent.