Using RADIUS in user authentication

Remote Authentication Dial-in User Service (RADIUS) is a protocol for carrying authentication, authorization, and configuration information.

RADIUS is a widely supported standard. For example, Microsoft NPS and RSA Authentication Manager support the protocol and can be used for user authentication in the SMC.

RADIUS uses UDP as its transport protocol. The exchanges between the client and the RADIUS server are authenticated by using a shared secret, which is never sent over the network. User passwords transferred between the client and the RADIUS server are encrypted using the MD5 message digest algorithm. The rest of the RADIUS communications are in cleartext.

Servers that provide RADIUS-based authentication methods can also be used for authenticating administrators’ Management Client logons and wireless client connections to wireless interfaces on firewalls.

RADIUS authentication servers that are used for user authentication support only IPv4 addresses. RADIUS authentication servers that are used to authenticate administrators support both IPv4 and IPv6 addresses.