RFC 2059 (rfc2059) - Page 2 of 25
RADIUS Accounting
Alternative Format: Original Text Document
RFC 2059 RADIUS Accounting January 1997
1. Introduction
Managing dispersed serial line and modem pools for large numbers of
users can create the need for significant administrative support.
Since modem pools are by definition a link to the outside world, they
require careful attention to security, authorization and accounting.
This can be best achieved by managing a single "database" of users,
which allows for authentication (verifying user name and password) as
well as configuration information detailing the type of service to
deliver to the user (for example, SLIP, PPP, telnet, rlogin).
The RADIUS (Remote Authentication Dial In User Service) document [4]
specifies the RADIUS protocol used for Authentication and
Authorization. This memo extends the use of the RADIUS protocol to
cover delivery of accounting information from the Network Access
Server (NAS) to a RADIUS accounting server.
Key features of RADIUS Accounting are:
Client/Server Model
A Network Access Server (NAS) operates as a client of the
RADIUS accounting server. The client is responsible for
passing user accounting information to a designated RADIUS
accounting server.
The RADIUS accounting server is responsible for receiving the
accounting request and returning a response to the client
indicating that it has successfully received the request.
The RADIUS accounting server can act as a proxy client to other
kinds of accounting servers.
Network Security
Transactions between the client and RADIUS accounting server
are authenticated through the use of a shared secret, which is
never sent over the network.
Extensible Protocol
All transactions are comprised of variable length Attribute-
Length-Value 3-tuples. New attribute values can be added
without disturbing existing implementations of the protocol.
In this document, several words are used to signify the requirements
of the specification. These words are often capitalized.
Rigney Informational