The IBM AIX® RADIUS server offers an authentication, authorization, accounting (AAA) system designed to provide centralized user authentication to network resources. It helps you deliver secure network access for your company's local and remote users.
The RADIUS server is included with the AIX 5L™ (V5.3) operating system and uses the Remote Authentication Dial-In User Service (RADIUS) protocol, the de facto standard for providing secure remote access into networks.
The IBM AIX RADIUS server enables you to:
- Provide secure authentication to the network
- Control how users access the network
- Configure authorization policies and return attributes
- Assign IP addresses per user
- Provide remote or dial-in access and authentication capabilities to employees
- Generate reports on user network activity
You can configure the IBM AIX RADIUS server so that all systems connecting to any network, internal or external, can be authenticated and authorized. In addition to user authentication, it can also be configured to define factors such as IP address assignment, netmask and Maximum Transmission Unit (MTU). Use the RADIUS server to capture valuable user information, including network usage patterns, the amount of data accessed and session connection and termination information. In addition, the RADIUS server can enforce authentication and policy information per user.
Protect business-critical networks securely, flexibly
By providing one centralized server for all network authentication, either remote or within your company's network, the IBM AIX RADIUS server helps safeguard critical systems with enterprise-class security.
With RADIUS configured, access to systems and networks is controlled through a centralized authentication mechanism. Users can only obtain remote or local access when they use a valid user ID and password.
To provide the flexibility you need to best support your company's security standards and policies, the RADIUS server supports several password hiding algorithms. These include:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)
Enhance manageability of network authentication
The IBM AIX RADIUS server provides multiple options for managing user data: You can define a centralized user database using LDAP as the back end, or deploy RADIUS quickly by authenticating against existing users defined under the AIX 5L operating system.
The RADIUS server uses System Management Interface (SMIT) panels to help ease administration workload. In addition, it can help simplify management of network resources by supporting a single point of authorization for dial-in remote access.
Scale up or down as the user base changes
The AIX 5L operating system allows administrators to adjust the number of active RADIUS servers based on workload demands. This means that the solution can scale to match your company's changing network access management needs. LDAP also can scale to support thousands of users. This allows the solution to grow as your business grows.
Protect technology investment with standards-based design
Designed to be interoperable with any hardware client that uses the RADIUS protocol, the RADIUS server can help you protect your company's technology investments by providing the flexibility to use any standards-based hardware.
Support for vendor-specific attributes also enables you to use any client that uses the RADIUS protocol and to define attributes specific to that hardware.
Key features of IBM AIX RADIUS server
- Adheres to RFC standards 2865, 2866, 2284 (EAP), partial 2869, partial 2882
- Supports PAP, CHAP and EAP password authentication methods
- Can store user information in three types of databases:
  - AIX 5L V5.3 (allows RADIUS to use the local system authentication method to authenticate the user)
  - A local flat file
  - LDAP (lets you access a single user database from all RADIUS servers, obtain lists of active users, set a maximum number of logins per user ID, set EAP types that can be configured per user and set password expiration dates)
- Offers easy-to-use SMIT or command line for installation and configuration
- Includes advanced proxy features through which a RADIUS server can process packets at a different location from the user's entry point, enabling it to act as a proxy client to other RADIUS servers when advanced proxy information is configured
- Offers national language support (NLS) for localized interfaces
- Enables system administrators to change the number of active RADIUS servers based on workload requirements and run multiple daemon processes simultaneously by configuring them on different ports
- Allows vendor-defined attributes to support multiple client-specific configurations
