.................................................................................................................................... ........................................................................................................................
RADIUS Terms ExplainedIntroduction to 8950 AAA
1-4 365-360-001 R6.0
Issue 1, December 2008
.................................................................................................................................... ........................................................................................................................
8950 AAA requires that at least one policy be defined, but it can be configured to handle
many policies. You decide how many policies are necessary based on your business needs.
The needs can range from the type and level of services you provide, equipment
requirements, and customer requirements, to the geographic location of your customers
and the time of day.
This document will describe use of the 8950 AAA PolicyAssistant to define access
policies. It is also possible to create custom access policies using the 8950 AAA
PolicyFlow programming language. Please refer to the 8950 AAA Programmer’s
Reference Manual.
Authentication and Authorization Activities
As mentioned previously, a user source is a data repository that contains user information
called user profiles. 8950 AAA can access information stored in a variety of user sources.
A user source might be one of the following:
•Standard text files, such as a RADIUS User file commonly used in publicly available
RADIUS servers
•SQL databases, such as Oracle, Sybase, MySQL, or the built-in database
•An LDAP (Lightweight Directory Access Protocol) server or a server that supports
LDAP queries, for example, Microsoft Active Directory or Novell NetWare directory
A user profile typically contains the user’s name and password. Some user profiles may
also contain information that describes the connection type, allowed services,
authentication means, and session limits specific to a user.
The term authentication source refers to the place where the user’s authentication
information, typically a password, is stored, for example, the user’s profile, or an external
service that authenticates the user. An example of an external service is a secure token
server.
Tabl e 1-1 provides a list of supported sources for user profiles and a description of each. It
is possible to read a user profile from one source and use a different source for
authentication. For example, the user profile might be stored in LDAP while an RSA ACE
(SecurID) might be used for authentication.
Table 1-1 Supported Sources for User Profiles
User Source Description
RADIUS User File A text file that conforms to a traditional format as
used in many freeware RADIUS servers