Version: 1.0.2

AAA protocols

RADIUS

  • Stands for Remote Authentication Dial In User Service
  • 📝 Commonly used by ISPs (Internet Service Providers) and corporations for access control
  • Primarily used to manage access to the internet or other networks
    • Networks can employ a variety of networking technologies, including analog modems, DSL, wireless local area networks (WLANs), and VPNs.
  • Based on UDP (User Datagram Protocol)
  • Flexible and extensible, offering a variety of ways to authenticate the user
  • Requires setting up a RADIUS back-end server.
    • Usually integrated with AD (Active Directory)

Extensible Authentication Protocol (EAP)

EAP Transport Layer Security (EAP-TLS)

  • Secure standard using TLS protocol
  • Requires mutual authentication
    • The client-side certificate can be stored on, e.g., a smart card.

Diameter

  • Successor to RADIUS
  • Not directly backwards compatible
  • Security is provided by IPsec or TLS and privacy protocols.

TACACS

  • Terminal Access Controller Access-Control System
  • Remote authentication protocol
  • Commonly used in networks of UNIX systems

TACACS+ (TACACS plus)

  • Terminal Access Controller Access-Control System Plus
  • Provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers.
  • Based on TACACS but an entirely new protocol (incompatible with TACACS)
  • Runs on older systems but generally replaced by RADIUS