Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for controlling access to network resources. This can be used to validate a LOGON password against the contents of a RADIUS server instead of the USER table. A username and password are sent to a RADIUS server for authentication which produces a response which can be one of the following:
If the RADIUS userid is different from the LOGON userid, it can be stored in the external_id field on the USER record.
The RADIUS password will usually be a one-time password (OTP), which means that it cannot be used more than once. Such passwords are typically generated by a hardware device (a key chain, a USB stick, a Pin Pad, or a SmartCard) which is carried by the user, or a software program which is installed on the user's computer. The generation or submission of these passwords may also involve the use of a separate PIN number, which implements Two Factor Authentication (2FA) or Two Token Authentication (TTA) to provide an extra layer of security.
When this option is turned on in the Menu Control Data it applies to all users EXCEPT the following:
For details on how to turn this option on please refer to FAQ 93.
NOTE: the current implementation within RADICORE does not support the following: