RADIUS server packages generally include an authentication and accounting server and some administrator tools.
RADIUS servers support a wide variety of authentication schemes. A user supplies his authentication data to the server either directly by answering the terminal server's login/password prompts, or using PAP or CHAP protocols. The server obtains the user's personal data from one of the following places:
The user's login and password are stored in /etc/passwd on the server, i.e. they are a "normal" UNIX user on the system.
The user's login ID, password etc. are stored in the internal RADIUS server database. The user's password is stored in encrypted form using either MD5 or DES hash, whichever is appropriate. Alternatively, a plaintext password can also be used if CHAP protocol is being used; CHAP usage is strongly discouraged for security reasons.
The user's details are stored in an SQL database. The database structure is fully determined by the system administrator; the RADIUS server does not restrict it in any way. See Interaction with SQL Servers.
The user is authenticated via PAM (Pluggable Authentication Service) framework. See the Linux PAM homepage for more details.
RADIUS servers have three built-in accounting schemes:
Accounting data are stored in radutmp/radwtmp files and can be viewed using radwho and radlast commands. Both commands are upward compatible with their Unix counterparts who and last.
The detailed accounting information is stored in plain text format. The resulting files can easily be parsed using standard text processing tools (grep, awk, etc.)
Upon receiving accounting information the RADIUS server stores it in an SQL database. This can then be processed using standard SQL queries.
RADIUS servers are usually extensible and new accounting methods can be added using the extension language.