Authentication refers to the confirmation that a user who is requesting services is a valid user of the network services requested. Authentication is accomplished via the presentation of an identity and credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authentication methods

The following authentication types are some of the methods which are supported by the server :

• Clear-text password in local configuration file (PAP) (cf. users file)
• Encrypted password in local configuration file
• CHAP
• MS-CHAP
• MS-CHAPv2
• Windows Domain Controller Authentication (via ntlm_auth and winbind)
• Proxy to another RADIUS server
• System authentication (usually through unix /etc/passwd)
• PAM (Pluggable Authentication Modules)
• LDAP (PAP only)
• PAM (PAP only)
• CRAM
• Perl program
• Python program
• Java as a JRadius handler
• SIP Digest (Cisco VoIP boxes, SER)
• A locally executed program. (like a CGI program.)
• Netscape-MTA-MD5 encrypted passwords
• Kerberos authentication
• X9.9 authentication token (e.g. CRYPTOCard)
• EAP wireless with embedded authentication methods
  • EAP-MD5
  • Cisco LEAP
  • EAP-MSCHAP-V2 (as implemented by Microsoft),
  • EAP-GTC
  • EAP-SIM
  • EAP-TLS
  • EAP-TTLS (with any authentication protocol inside of the TLS tunnel)
  • EAP-PEAP (with tunnelled EAP)

See Also

• RFC 2865
• AAA
• AAAA
• Protocol and password compatibility