back to article Happy 20th birthday to the RADIUS RFC

January 2017 marks the twentieth year since the birth of an important Internet Request for Comment – a then-new way to account for customer's use of their then dial-up services. It's been around for so long, El Reg would bet most people would need Google to tell them what RADIUS stands for – Remote Authentication Dial-in User …

  1. froberts2

    20 years?

    Cisco added support for RADIUS in February 1996 (IOS 11.1), and they were dragged there kicking and screaming as they preferred people to use their own TACACS (and later, TACACS+) protocols.

    Perhaps my calculator is broken, but that sounds like more than 20 years to me...

    I hope the birthday card you bought was a belated one.

    1. Richard Chirgwin (Written by Reg staff)

      Re: 20 years?

      Thanks; I've made a suitable change to the headline. RC

    2. Fazal Majid

      Re: 20 years?

      Yes, RADIUS was more of a Livingston, then Ascend thing.

      RADIUS lives on, most enterprises' WiFi and authenticated Ethernet rely on it, but it's successor DIAMETER (get it?) is the protocol that is replacing SS7 for telephony in the post-circuit era.

      1. EnviableOne Bronze badge

        Re: 20 years?

        Most of the features in DIAMETER have been back ported into RADIUS, so there is little need to change to the new protocol

        similar to what has happened to IPv4 since the IPv6 standard came out.

  2. Peter Galbavy

    20 years my hairy fat arse

    We (Demon) were using RADIUS on both Ascend, USRobotics (much less) and custom SunOS with SCSI bases serial ports for authentication well before then. We (again, not me, just we) were also syncing RADIUS databases using UUCP over TCP between multiple servers for PoPs and the like too. Sigh.

  3. batfastad

    Stock photography

    Please, please, please stop using stock photography for every single article! A project is X years old, so you've got a generic picture of some generic people having a shit birthday party.

    Enough.

    1. Joseph Haig

      Re: Stock photography

      Yes, we demand a new photograph for every 'project is X years old' story from now on with someone of the correct age.

      I think that IBM is 106 this year.

    2. Ken Moorhouse Silver badge

      Re: Stock photography

      There is some relevance: The Birthday Cake. All that's needed was to show a bird's eye view of someone using a knife to cut from the centre to the perimeter.

    3. DasWezel
      WTF?

      Re: Stock photography

      On that note...

      What the /hell/ is the guy on the left wearing on his face?

  4. batfastad

    Or how about if there is no directly relevant image (e.g.: product photo or vendor/project logo) then my preference would be no image.

  5. sean.fr

    Radius's big hic

    Unlikely Active Directory, the Radius can not prompt you to regularly change your password. In general an administrator manually puts the text in a users file. He emails it to you, and you never change it.

    For switches/industrial equipment/company WiFi tablets/phones you want people to regularly change thier own passwords so you can see in logs who did what.

    You can have Radius pass the validation task to an AD but then you are running a closed windows system because Radius is missing a very basic feature. Plus you are forced to use your Windows Office PC password for network/critical stuff.

    Time for a rework for the next 20 years.

    1. anothercynic Silver badge

      Re: Radius's big hic

      Ummmmm. No. RADIUS is a protocol. It does not need to handle password change requests. It is the supplicant on your device and the backend (like Active Directory) that should be able to handle password changes, *not* the protocol.

      *eyeroll*

      1. This post has been deleted by its author

  6. sean.fr

    " No. RADIUS is a protocol. It does not need to handle password change requests."

    The Radius protocol is able to do lots, like send text replies. It is able to set your Ip addresses. It can set access lists on what an authorised account can do. It can cause a modem to call you back.

    It has extendable vendor attributes, but you can not changer your password?... You have to talk to a separate back end via a different comms device to do this basic function.

    You can see it is from a time when it was OK to not change passwords. Radius was to avoid you putting lots of live passwords into comms equipement configs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019