|
|
 |
| AuthAgent RADIUS |
| Remote Authentication
Dial-in User Specification |
|
AuthAgent RADIUS
is a lean-footprint embedded implementation of the Remote
Authentication Dial In User Service as specified by RFC
2865. It relies on a client/server mechanism to carry
authentication, authorization and configuration
information between a service which needs to grant
privileges, and a shared server that has the user and node
information required to decide whether such privileges
should be granted. It facilitates the use of a server
based non-embedded user database with centralized user and
configuration administration that is very easy to use with
a provisioning system such as an OSS (Operational Support
System).
|
|
|
|
|
|
|
|
|
|
|
|
| AuthAgent RADIUS |
AuthAgent RADIUS is a
lean, embedded implementation of the RFC 2865-specified
Remote Authentication Dial In User Service for embedded
devices. It implements a client/server mechanism
to carry authentication, authorization, and
configuration information between a network service
granting privileges and a shared server that has the
centralized user and node information required to decide
whether such privileges should be granted. When used in
conjunction with protocols that secure the network path, AuthAgent RADIUS provides a powerful, yet simple
mechanism to authenticate and authorize access to VPNs,
dial-up concentrators, Ethernet switches, and more
recently, wireless networks.
RADIUS, originally intended for dial-in use, is now the
de-facto standard for remote authentication in both new
and legacy applications. The RADIUS protocol specifies
the information exchange between a device that provides
network access to users (the "RADIUS client") and a
device that manages authentication information for those
users (the "RADIUS server"). Having this separation of
roles allows for centralized authentication and
administration, which is especially attractive to
embedded devices that need to verify user credentials
and authorize users, without having the overhead of
maintaining and administering a database of sensitive
user information. AuthAgent RADIUS provides a library to
build customized RADIUS client applications, and
facilitates this authentication on embedded devices. |
|
 |
Features |
 |
 |
 |
|
 |
RFC-compliant, interoperability-tested RADIUS
client library |
|
|
Includes a password-based and an EAP
authentication client |
|
|
Built-in authentication with PAP, CHAP, MS-CHAP
and EAP |
|
|
Supports Microsoft Vendor-Specific attribute
format, decryption of MS-MPPE-Recv/Send-Key
attributes |
|
|
Supports challenge-response |
|
|
Dynamic shutdown and restart |
|
|
Can be used standalone or with network security
protocols |
|
|
Support for multiple CPU types of either endian-ness
including PowerPC, MIPS, X86, ARM/Xscale |
|
|
Royalty-free full source distribution |
|
|
 |
 |
 |
 |
|
|
|
RADIUS Security
Security for the RADIUS information exchange is enabled by means
of a pre-configured shared secret known only to the client
application on the AuthAgent RADIUS side (configured using its
APIs), and to the RADIUS server in use. All transactions between
them are encrypted using this shared secret, which itself is
never sent over the network. In addition, AuthAgent RADIUS
always encrypts passwords using a stream derived from an MD-5
hash (per RFC 2865), so that only the two ends of the RADIUS
link can decode them. |
|
 |
|
|
|
Special Features |
|
|
Supports dynamic
intialization and de-initialization of RADIUS client
library |
|
|
Validated with V-IPSecure
(XAUTH) for IKE authentication |
|
|
Enhanced memory
management and partition support |
|
|
Enables the processing of attributes
using custom mechanisms. |
|
|
Supports multiple and redundant RADIUS
servers |
|
|
Supports EAP and easily adds new EAP types |
|
|
|
|
|
|
