RADIUS (Remote Authentication Dial In User Service), defined in RFC 2865, is a protocol for remote user authentication and accounting.
RADIUS enables centralized management of authentication data, such as usernames and passwords.
When a user attempts to log in to a RADIUS client, such as a router, the router sends the authentication request to the RADIUS server. The communication between the RADIUS client and the RADIUS server is authenticated and encrypted through the use of a shared secret, which is not transmitted over the network.
The RADIUS server may store the authentication data locally, but it can also store authentication data in an external SQL database or an external Unix /etc/passwd file. The RADIUS server can also plug into a PAM (Pluggable Authentication Modules) architecture to retrieve authentication data.
The role of the RADIUS server as the centralized authentication server makes it an excellent choice for also performing accounting.
RADIUS can significantly increase security by enabling the centralization of password management. Of course, the other side of that argument is that once you take over the RADIUS server, you have everything.
RADIUS servers are available from many vendors. In addition, GNU RADIUS is an excellent non-commercial option.
RADIUS utilizes the MD5 algorithm for secure password hashing.
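The Python below is an added example, not code from the original page or from any RADIUS implementation. It shows how RFC 2865 combines the shared secret with MD5 to hide the User-Password attribute (section 5.2) and to compute the Response Authenticator (section 3), so the secret itself never travels over the network. The secret, password, identifier and authenticator values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def _xor_md5(block, secret, prev):
    # One 16-byte block XORed with MD5(secret + previous ciphertext block)
    pad = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, pad))

def hide_password(password, secret, request_auth):
    """User-Password hiding, RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor_md5(padded[i:i + 16], secret, prev)
        out += prev
    return out

def reveal_password(hidden, secret, request_auth):
    """Server side: reverse the hiding with the same secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor_md5(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_response(code, ident, attrs, request_auth, secret):
    """Response Authenticator, RFC 2865 section 3:
    MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_response(packet, request_auth, secret):
    """Client side: accept a reply only if its authenticator checks out."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = build_response(packet[0], packet[1], packet[20:], request_auth, secret)
    return hmac.compare_digest(expected[4:20], packet[4:20])

if __name__ == "__main__":
    secret, ra = b"constructed-secret", bytes(range(16))  # constructed sample values
    hidden = hide_password(b"correct horse battery", secret, ra)
    print(hidden.hex(), reveal_password(hidden, secret, ra))
    accept = build_response(2, 7, b"\x12\x04ok", ra, secret)  # Access-Accept + Reply-Message
    print(verify_response(accept, ra, secret), verify_response(accept, ra, b"wrong"))
```

In RFC 2865 only the User-Password attribute is obscured this way; other attributes are sent in the clear, and a real client must use an unpredictable Request Authenticator rather than the fixed one used here.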
RADIUS is the de facto authentication provider in 802.11i wireless networks.