As part of the Edge Security Pack (ESP), the LoadMaster supports a number of authentication protocols, including Remote Authentication Dial-In User Service (RADIUS).

RADIUS is a widely deployed protocol enabling centralized authentication, authorization and accounting for network access. Originally developed for dial-up remote access, RADIUS is now supported by Virtual Private Network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types.

A RADIUS client (typically an access server such as a dial-up server, VPN server, or wireless access point) sends user credentials and connection parameter information in the form of a RADIUS message to a RADIUS server. The RADIUS server authenticates and authorizes the RADIUS client request, and sends back a RADIUS message response. RADIUS clients also send RADIUS accounting messages to RADIUS servers. Additionally, the RADIUS standards support the use of RADIUS proxies. A RADIUS proxy is a computer that forwards RADIUS messages between RADIUS clients, RADIUS servers and other RADIUS proxies. RADIUS messages are never sent between the access client and the access server.

The LoadMaster also supports RADIUS challenge/response authentication. RADIUS challenge/response is supported transparently – if the server sends a challenge, an additional form will be displayed and the user will be asked to enter the additional One Time Password (OTP).

An OTP is a password that is valid for only one login session. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication.

Document Purpose

The purpose of this document is to provide some further information on RADIUS challenge/response authentication.

For information on how to configure RADIUS ESP authentication in general, please refer to the RADIUS ESP Authentication, Feature Description.