User's Manual
RADIUS Authentication Modes
Configuring RADIUS Authentication 5-3
A RADIUS server vendor is often the authentication server vendor as well, in which
case authentication can be processed on the RADIUS server. For example, the RSA
ACE/Server is both a RADIUS server and an authentication server. It thus
authenticates the user's pass code.
RADIUS Authentication Modes
User authentication can take place in either of two ways:
■ Synchronous Authentication Mode
■ Challenge-Response (Asynchronous) Authentication Mode
Synchronous Authentication Mode
In the synchronous mode, RADIUS lets you use various authentication methods,
including passwords and SecurID token cards. Figure 5–2 shows the sequence in
which synchronous authentication occurs:
Table 5–1 RADIUS Authentication Components
Component Stored Information
Oracle client Configuration setting for communicating through RADIUS.
Oracle database
server/RADIUS
client
Configuration settings for passing information between the Oracle
client and the RADIUS server.
The secret key file.
RADIUS server Authentication and authorization information for all users.
Each client's name or IP address.
Each client's shared secret.
Unlimited number of menu files enabling users already authenticated
to select different login options without reconnecting.
Authentication
server or servers
User authentication information such as pass codes and PINs,
depending on the authentication method in use.
Note: The RADIUS server can also be the authentication server.
See Also: Oracle Net Services Administrator's Guide, for
information about the sqlnet.ora file