Communication Between RADIUS Servers and Clients

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

Communication between the RADIUS server and Authentication Manager always uses HTTPS. Communication between RADIUS servers and clients always uses the RADIUS protocol. Authentication Manager uses the security features available in the RADIUS protocol: sensitive fields are encrypted with a shared secret.

A shared secret is a text string that serves as a password between hosts. RADIUS servers use the following types of shared secrets:

  • RADIUS shared secret. Used to secure communication between a RADIUS server and a RADIUS client.

  • Accounting secret. (This is not shown in the following figure.) Used to secure accounting traffic passed between the RADIUS primary server and a RADIUS client. The RADIUS server uses the accounting secret of the RADIUS client. If no accounting secret exists on the client, the RADIUS server uses the RADIUS shared secret of the client.

  • Replication secret. Used to secure communication between a RADIUS primary server and a RADIUS replica server. This secret is generated during installation of the Authentication Manager. You cannot manage this secret.

  • Node secret. Used to secure communication between a RADIUS server and an Authentication Manager server. The RADIUS primary and all replicas use the node secret. This secret is generated during installation of the Authentication Manager. You cannot manage this secret.

You can configure the RADIUS shared secret and the accounting shared secrets through the Security Console. After the RADIUS shared secret is created, you must set the secret in the RADIUS client using the RADIUS client’s administrative interface.
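
The following is an added example, not RSA code and not part of the original document. It shows the standard RADIUS mechanisms that a shared secret drives (RFC 2865 User-Password hiding and the RFC 2866 Accounting-Request authenticator), together with the accounting-secret fallback described above. The `client` dictionary, the function names and all secret values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2 (client side): hide User-Password with the shared secret."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("need a 1..128 octet password and a 16 octet authenticator")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # c(i) = p(i) XOR MD5(secret + c(i-1)); c(0) is the Request Authenticator
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with the server's own copy of the secret."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("hidden User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def accounting_secret_for(client: dict) -> bytes:
    """Rule from the text: the client's accounting secret, else its RADIUS shared secret."""
    return client.get("accounting_secret") or client["shared_secret"]

def accounting_authenticator(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2866 sec. 3: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", 4, ident, 20 + len(attrs))  # 4 = Accounting-Request
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def verify_accounting(client: dict, ident: int, attrs: bytes, received: bytes) -> bool:
    expected = accounting_authenticator(ident, attrs, accounting_secret_for(client))
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    # Constructed sample values; a real Request Authenticator must be unpredictable.
    client = {"shared_secret": b"constructed-shared-secret", "accounting_secret": None}
    ra = bytes(range(16))
    hidden = hide_password(b"123456 tokencode", client["shared_secret"], ra)
    print(recover_password(hidden, client["shared_secret"], ra))  # matching secret
    print(recover_password(hidden, b"mismatched-secret", ra))     # mismatch yields garbage
    attrs = bytes([40, 6, 0, 0, 0, 1])  # Acct-Status-Type = Start
    auth = accounting_authenticator(7, attrs, client["shared_secret"])
    print(verify_accounting(client, 7, attrs, auth))
```

A secret that differs between the Security Console and the RADIUS client does not produce an explicit error in the password field: the server recovers different bytes, so the authentication fails.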

 

 

 

 

