Module radius

Expand description

RADIUS (RFC 2865 / RFC 2866) — Remote Authentication Dial-In User Service

Provides a RADIUS client for authenticating users against a RADIUS server (e.g. FreeRADIUS, Microsoft NPS, Cisco ISE). Supports Access-Request / Access-Accept / Access-Reject / Access-Challenge flows and basic accounting (RFC 2866).

§Protocol Overview

RADIUS uses UDP with a shared secret for packet authentication. The authenticator field is an MD5 hash that binds the request/response to the shared secret, providing integrity (but not confidentiality unless RadSec / TLS is used).

§Security Considerations

The shared secret must be strong (≥16 random bytes recommended)
User-Password attribute is encrypted with MD5(secret + authenticator)
Consider RadSec (RADIUS over TLS, RFC 6614) for transport security

Modules§

attr: RADIUS attribute type codes (RFC 2865 §5).
code: RADIUS packet type codes (RFC 2865 §4).

Structs§

RadiusAttribute: A RADIUS attribute (type-length-value).
RadiusAuthResult: Result of a RADIUS authentication attempt.
RadiusClient: RADIUS authentication and accounting client.
RadiusConfig: RADIUS client configuration.
RadiusPacket: A RADIUS packet.

Module radius

Module radius Copy item path

§Protocol Overview

§Security Considerations

Modules§

Structs§

Module radius