AuthAgent RADIUS
Remote Authentication Dial-in User Specification

AuthAgent RADIUS
is a lean-footprint embedded implementation of the Remote
Authentication Dial In User Service as specified by RFC
2865. It relies on a client/server mechanism to carry
authentication, authorization and configuration
information between a service which needs to grant
privileges, and a shared server that has the user and node
information required to decide whether such privileges
should be granted. It facilitates the use of a server-based,
non-embedded user database with centralized user and
configuration administration that is very easy to use with
a provisioning system such as an OSS (Operational Support
System).

Challenge Response Support
Besides synchronous
Accept/Reject access authentication, AuthAgent RADIUS
also supports challenge-response authentication, in
which the server sends back a challenge prompting the
user for additional authentication information, such as
information contained on a smart card or a response from
a two-factor scheme using external tokens. AuthAgent
RADIUS packages and sends the user's response to the
server, and authorizes access based on the server's
response.

EAP over RADIUS
Extensible
Authentication Protocol (EAP) is an IETF protocol (RFC
2248) defined for extensibility of authentication
processes with evolving authentication methods, without
changing existing applications. In addition to support
within Point-to-Point Protocol (PPP), EAP is also
supported in the IEEE 802 link layer for wired and
wireless switch port authentication using the 802.1X
specification. AuthAgent RADIUS includes a reference EAP-based
client which negotiates EAP types and transports EAP-Message
RADIUS attributes. This provides an interoperable
authentication mechanism for wired LANs, and a method of
access control and distribution of encryption keys for
wireless LANs, such as those used with WEP, TKIP, and
CCMP.

Customization Flexibility
- Flexible APIs for configuring RADIUS server
  settings including server name, retry count, and
  timeouts on a server-specific basis
- Supports multiple RADIUS servers
- RADIUS attribute dictionary configures required
  attributes while ignoring others
- Can add authentication methods
- Supports EAP and easily adds new EAP types
- Supports Vendor-Specific attributes
- Client configuration via configuration files or,
  where a file system is not available, directly
  through APIs

Vendor-specific attributes
RADIUS transactions are composed of variable-length
Attribute-Length-Value 3-tuples, and new vendor-specific attributes
can be added without disturbing existing implementations. The flexible
library provided by AuthAgent RADIUS allows any generic RADIUS
attribute, including ones listed in RFC 2865, to be sent and
received by a RADIUS client application. In addition, it
provides the APIs to process any Vendor-Specific attribute by
parsing the generic portions of the attributes, while the
application extracts vendor-specific content. AuthAgent RADIUS
allows the processing of attributes using custom mechanisms.
Specifically, for Microsoft-specific attributes, AuthAgent
RADIUS transparently decrypts the MS-MPPE-Recv-Key and MS-MPPE-Send-Key
attributes.
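
The attribute layout described above, as an added example (not AuthAgent RADIUS code or its API): a bounds-checked walk over RADIUS attributes that parses only the generic part of a Vendor-Specific attribute (type 26 and its Vendor-Id) and hands the vendor content to the application. The names radius_walk_attrs, vsa_handler, vsa_seen, record_vsa and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RADIUS_ATTR_VENDOR_SPECIFIC 26      /* RFC 2865, section 5.26 */
/* Hypothetical application hook: receives the vendor's opaque content. */
typedef void (*vsa_handler)(uint32_t vendor_id, const uint8_t *data,
                            size_t len, void *ctx);
/* Walk the attributes that follow the 20-byte RADIUS header. Returns the
 * number of attributes, or -1 as soon as one is malformed. */
int radius_walk_attrs(const uint8_t *buf, size_t len,
                      vsa_handler on_vsa, void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                      /* truncated Type/Length header */
        uint8_t type = buf[off];
        uint8_t alen = buf[off + 1];        /* counts Type + Length + Value */
        if (alen < 2 || (size_t)alen > len - off)
            return -1;                      /* too short, or overruns buffer */
        const uint8_t *val = buf + off + 2;
        size_t vlen = (size_t)alen - 2;
        if (type == RADIUS_ATTR_VENDOR_SPECIFIC) {
            if (vlen < 5)
                return -1;                  /* 4-byte Vendor-Id + >= 1 byte */
            uint32_t vendor = ((uint32_t)val[0] << 24) | ((uint32_t)val[1] << 16)
                            | ((uint32_t)val[2] << 8) | (uint32_t)val[3];
            if (on_vsa)
                on_vsa(vendor, val + 4, vlen - 4, ctx);
        }
        off += alen;
        count++;
    }
    return count;
}

struct vsa_seen { uint32_t vendor_id; size_t len; int calls; };
static void record_vsa(uint32_t vendor_id, const uint8_t *data, size_t len, void *ctx)
{
    struct vsa_seen *s = ctx;
    (void)data;                             /* a real handler decodes this */
    s->vendor_id = vendor_id; s->len = len; s->calls++;
}
/* Constructed sample: User-Name "bob", then a VSA for the documentation
 * enterprise number 32473 carrying six opaque bytes. */
static const uint8_t sample_attrs[] = {
    0x01, 0x05, 'b', 'o', 'b',
    0x1a, 0x0c, 0x00, 0x00, 0x7e, 0xd9, 0x01, 0x06, 0xde, 0xad, 0xbe, 0xef,
};
```

The length checks run before any value byte is read, so a zero Length or an attribute that claims more bytes than the packet holds is rejected rather than looped on or read past.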

Usage Scenarios
AuthAgent RADIUS can be used standalone or as an add-on for
TeamF1's network security protocols including SSHield and
V-IPSecure. It can also be combined with third-party security
protocol implementations, allowing a common centralized back-end
authentication server to hold and administer a user-directory
that can be used across the board in an enterprise. Further, its
made-for-embedded design and dynamic shutdown and restart
capabilities make it easy to use with a provisioning system.