Radius is a protocol used by Remote Access Server's for user Authentication. User Credentials are forwarded to a Radius server, which in turn manages a Credentials database. It is the Radius server, rather than individual Remote Access Server's, which carries out Authentication.

This delegation of the Authentication process allows users to have a single set of Credentials across all Remote Access Server's, and perhaps to use the same credentials on some host Operating System, such as Unix or NetWare.

Unlike TACACS, Radius is an encrypted protocol, and supports the encrypted exchange of Credentials between the remote end-user and the Authentication Server.

Return to IT Security Concepts