Security And Authentication Mechanisms; Basic Radius Message Exchange Process - HP 1910 User Manual

Security and authentication mechanisms

A RADIUS client and the RADIUS server use a shared key to authenticate RADIUS packets and encrypt
user passwords that are exchanged between them. The keys are never transmitted over the network. This
security mechanism improves the security of RADIUS communication and prevents user passwords from
being intercepted on insecure networks.
A RADIUS server supports multiple user authentication methods. A RADIUS server can also act as the
client of another AAA server to provide authentication proxy services.

Basic RADIUS message exchange process

Figure 414 illustrates the interactions between the host, the RADIUS client, and the RADIUS server.
Figure 414 Basic RADIUS message exchange process
RADIUS operates in the following manner:
1. The host initiates a connection request that carries the user's username and password to the
RADIUS client.
2. Having received the username and password, the RADIUS client sends an authentication request
(Access-Request) to the RADIUS server, with the user password encrypted by using the MD5
algorithm and the shared key.
3. The RADIUS server authenticates the username and password. If the authentication succeeds, the
server sends back an Access-Accept message containing the user's authorization information. If
the authentication fails, the server returns an Access-Reject message.
4. The RADIUS client permits or denies the user according to the returned authentication result. If it
permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
5. The RADIUS server returns an acknowledgement (Accounting-Response) and starts accounting.
429