AuthAgent RADIUS remote authentication agent (617)
AuthAgent RADIUS is a lean, embedded implementation of the of Remote Authentication Dial In User Service (RFC 2865) protocol. It is commonly used for embedded network devices such as routers, modem servers, and switches. RADIUS is currently the de-facto standard for remote authentication. It implements a client/ server mechanism to carry authentication, authorization, and configuration information between a network service granting privileges and a shared server that has the centralized user and node information required to decide whether such privileges should be granted. It is a member of the AuthAgent family of authentication products offered by TeamF1.
- RFC-compliant, interoperability tested RADIUS client library
- Includes a password-based and an EAP authentication client
- Built-in authentication with PAP, CHAP, MS-CHAP and EAP
- Supports Microsoft Vendor-Specific attribute format, decryption of MSMPPE-Recv/Send-Key attributes
- Supports challenge-response
- Dynamic shutdown and restart
- Can be used standalone or with network security protocols
- Support for multiple CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/Xscale
- Royalty-free full source distribution
- RFC 2865
- RFC 2548
- RFC 2284
- RFC 3579
- RFC 3580
- Flexible APIs for configuring RADIUS server settings including server name, retry count, and timeouts on a server-specific basis
- Supports multiple RADIUS servers
- RADIUS attribute dictionary configures required attributes while ignoring others
- Can add authentication methods
- Supports EAP and easily adds new EAP types
- Supports Vendor-Specific attributes
- Client configuration via configuration files or, where a file system is not available, directly through APIs
- AuthAgent family:
- Kerberos: A Kerberos Authentication Agent
- X.509: Digital Certificate Authentication
- SSecure family:
- SSHield SSH: Secure Shell & SFTP/SCP
- SSLimSecure SSL: Secure Sockets Layer & TLS
- V-IPSecure IPSec & IKE: Network Layer Security
AuthAgent RADIUS provides a powerful, yet simple mechanism to authenticate and authorize access to VPNs, dial-up concentrators, Ethernet switches, and wireless networks. The RADIUS protocol specifies the information exchange between a device that provides network access to users (the "RADIUS client") and a device that manages authentication information for those users (the "RADIUS server"). The separation of roles centralizes authentication and administration, which is especially attractive to embedded devices that need to verify user credentials and authorize users, without having the overhead of maintaining and administering a database of sensitive user information. AuthAgent RADIUS always encrypts passwords using a stream derived from an MD-5 hash (per RFC 2865), so only the two ends of the RADIUS link can decode them.
AuthAgent RADIUS supports synchronous Accept/Reject access authentication, and challenge-response authentication, in which the server sends back a challenge prompting the user for information such as additional authentication information contained on a smart-card or a two-factor scheme using external tokens to respond to the challenge. AuthAgent RADIUS packages and sends the user response to the server, and authorizes access based on the server response.
Extensible Authentication Protocol (EAP) is an IETF (Internet Engineering Task Force) standard (RFC 2248) defined for extensibility of authentication processes with evolving authentication methods, without changing existing applications. EAP is supported within Point-to-Point Protocol (PPP) and in the IEEE 802 link layer for wired and wireless switch port authentication using the 802.1X specification. AuthAgent RADIUS includes a reference EAP-based client which negotiates EAP types and transports EAP-Message RADIUS attributes. This provides an interoperable authentication mechanism for wired LANs, and a method of access control and distribution of encryption keys for wireless LANs, such as those used with WEP, TKIP, and CCMP.
The flexible library provided by AuthAgent RADIUS allows any generic RADIUS attribute, including ones listed in RFC 2865, to be sent and received by a RADIUS client application. In addition, it also provides the APIs to process any Vendor-Specific attribute by parsing the generic portions of the attributes, while the application extracts vendor-specific content. AuthAgent RADIUS allows the processing of attributes using custom mechanisms, such as the Microsoft specific MS-MPPERecv-Key and MS-MPPE-Send-Key attributes.
AuthAgent RADIUS can be used standalone or as an add-on to other TeamF1 network security protocols including SSHield and V-IPSecure. It can also be combined with third-party security protocol implementations, allowing a common centralized back-end authentication server to hold and administer a user-directory that can be used across the board in an enterprise. Further, its made-for-embedded design and dynamic shutdown and restart capabilities make it easy to use with a provisioning system.
AuthAgent RADIUS is a drop-in component for many real-time and embedded operating systems including VxWorks 5.x, 6.x, and AE/653, and Linux 2.4 and 2.6 kernels. It has been extensively validated on a variety of CPU architectures, which minimizes development and integration efforts. AuthAgent RADIUS is uniquely optimized for each embedded OS supported, such as multi-tasking, memory partitions, security threats, and abstractions that are lean, yet fast and full-featured.
If you are interested in more information on how Wind River partners with this company, click here.