[kwlug-disc] Radius
B.S.
bs27975.2 at gmail.com
Fri Sep 9 00:40:36 EDT 2016
In essence, sort of, Radius provides OOB (Out Of Band or Out Of Box)
authentication, for things that understand Radius. Radius can use
various schemes to authenticate, often more schemes than the calling box
itself can. And if off network, the Radius server, containing the keys
to the kingdom, shouldn't be hackable / externally accessible.
So, for a made-up example, a Cisco router without biometrics could
instead call upon a Radius box with such biometrics before allowing
configuration access.
IIRC, Radius can essentially be scripted, so the above might only be
valid between the hours of 8am and 5pm, and IIRC Radius can also feed
logs. x granted access to y, logging and controlling in ways the
original box might not have been able to. There can be some advantage to
having a central replicated authentication and access logging agent box
rather than having to maintain credentials on multiple boxes.
https://en.wikipedia.org/wiki/RADIUS
Quickly rescanning that link before pasting it reminded me that Radius
need not be a stand-alone box; it can run as a service as well. So you
could play with it without too much effort.
After all, being good network practitioners that we all are, we all have
one or more replicated VMs on our home networks, providing dns(sec),
dhcp, proxy, LDAP, ssh, mrtg, central logging, and more, right?
On 09/08/2016 09:28 AM, Hubert Chathi wrote:
> Since Radius was brought up... I've been tempted to set up a Radius
> server on my home network, just to try it out, but the main issue is
> that I'm not sure what benefit Radius brings. I already have an LDAP
> server, and it seems like everything that can use Radius can also use
> LDAP. So is there any advantage that Radius has over just using LDAP
> directly? What is Radius used for?