Monday, November 30, 2009

RADIUS

When preparing for the CompTIA Security+ (SY0-201) exam, you will run across the term RADIUS and you should understand what a RADIUS server provides.

The Remote Authentication Dial-In User Service (RADIUS) centrally authenticates users who connect through remote access or network access.

Assume a large company has employees who regularly go on the road for selling, consulting, teaching, or other reasons. However, they still need access to the back-end network. RADIUS provides authentication when the employees dial in.

The company could have offices spread across the country, and users are encouraged to dial in to the closest office. For example, when they're in California, they should dial in to a server in California. When in Florida, they should dial in to a server in Florida. Each server could hold authentication details for each employee in a local database. However, if this is done, then whenever an employee is added to or removed from the database on one server, the database must be updated on every server in every region. This quickly becomes too much work.

Instead, a RADIUS server is used for central authentication. All remote access servers send their authentication requests to the RADIUS server. In this way, only one authentication database (on the RADIUS server) needs to be maintained.

TACACS+ is a Cisco alternative to RADIUS. TACACS+ provides two significant benefits.
  • It is more secure than RADIUS since it encrypts the entire authentication process
    (RADIUS encrypts only the password)
  • It interacts with Kerberos, allowing it to work with Microsoft networks.
Both RADIUS and TACACS+ are widely in use today.
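To make the two points above concrete (one central server answering every remote access server, and RADIUS hiding only the password), here is an added example in Python that is not part of the original post. It follows the packet layout and password-hiding rule of RFC 2865: the remote access server (the NAS) builds an Access-Request, the RADIUS server recovers the password with the shared secret and answers Accept or Reject, and the NAS checks the Response Authenticator on the reply. The shared secret, user name, password and NAS identifiers are constructed sample values, and all function names are this example's own, not a library API.

```python
# Added example (not from the original post): a minimal RADIUS Access-Request /
# Access-Accept exchange per RFC 2865. Only User-Password is hidden; every other
# attribute (User-Name, NAS-Identifier) travels in the clear.
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte chunks, XOR each with MD5(secret + previous chunk)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16  # empty password -> 16 nulls
    out, prev = b"", req_auth                  # first chunk is keyed by the Request Authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += chunk
        prev = chunk                           # this chunk's ciphertext keys the next chunk
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server runs it; strips the null padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        prev = chunk
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Attribute = Type(1) Length(1) Value; Length includes the two header bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    """Packet = Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_access_request(ident, user, password, secret, nas_id, req_auth=None):
    """NAS side: fresh random Request Authenticator, password hidden under it."""
    req_auth = req_auth or os.urandom(16)
    attrs = [(ATTR_USER_NAME, user),
             (ATTR_USER_PASSWORD, hide_password(password, secret, req_auth)),
             (ATTR_NAS_IDENTIFIER, nas_id)]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs)


def response_authenticator(code, ident, req_auth, attrs_bytes, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + req_auth + attrs_bytes + secret).digest()


def server_handle(request, secret, user_db):
    """RADIUS server side: recover the password, check the central database, reply."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    user = attrs.get(ATTR_USER_NAME, b"")
    pw = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    code = ACCESS_ACCEPT if user_db.get(user) == pw else ACCESS_REJECT
    return build_packet(code, ident, response_authenticator(code, ident, req_auth, b"", secret), [])


def client_verify_response(response, request, secret):
    """NAS side: the reply must have been produced with the same shared secret."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, request[4:20], response[20:length], secret)
    return response[4:20] == expected


def cleartext_fields(request):
    """What any party on the path can read without the secret: everything except the password."""
    _, _, length = struct.unpack("!BBH", request[:4])
    return {t: v for t, v in decode_attrs(request[20:length]) if t != ATTR_USER_PASSWORD}


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"            # constructed sample value
    USERS = {b"alice": b"correct horse"}             # the one central database
    req = build_access_request(7, b"alice", b"correct horse", SECRET, b"nas-california")
    resp = server_handle(req, SECRET, USERS)
    print("accepted:", resp[0] == ACCESS_ACCEPT, "reply verified:", client_verify_response(resp, req, SECRET))
    print("readable without the secret:", cleartext_fields(req))
```

Any number of access servers (the California and Florida ones in the text) can call `server_handle` with the same `USERS` dictionary, which is the point of centralising the database. `cleartext_fields` shows why the post says RADIUS encrypts only the password: the user name and NAS identifier are plain bytes, and the hiding itself is an MD5-keyed XOR under a static shared secret, which is the reason RADIUS traffic is normally kept on a trusted management network or tunnelled.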

Good luck with your studies.

Darril Gibson