Lecture 3.1: Handling Remote Access: RADIUS Motivation
Lecture 3.1: Handling Remote Access: RADIUS Motivation
Lecture 3.1: Handling Remote Access: RADIUS Motivation
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Giuseppe Bianchi<br />
<strong>Access</strong>-Reject<br />
<strong>Access</strong> Reject<br />
Two main reasons:<br />
Authentication failed<br />
1+ attributes in the request were not<br />
considered acceptable (authorization failed)<br />
Giuseppe Bianchi<br />
<strong>Access</strong>-Challenge<br />
<strong>Access</strong> Challenge<br />
Used whenever the server wants/needs the user to<br />
send a further response<br />
E.g. a challenge/response authentication mechanisms<br />
Not necessarily CHAP (see CHAP support later on)! Could be<br />
<strong>RADIUS</strong> support for GSM/UMTS authentication!<br />
E.g. prompting the user to enter a password<br />
Challenge typically contains<br />
One or more reply-message attributes<br />
» Which MAY be used in a very flexible manner<br />
May contain text to be prompted to the user<br />
May contain an explicit authentication challenge<br />
NAS collects response from the user and sends a NEW<br />
<strong>Access</strong>-Request<br />
New ID<br />
New User-Password - contains the user response (crypted)<br />
Based on this, server accepts or rejects or send<br />
another challenge<br />
8