Glossary

Authentication

The process of identifying an individual, usually based on a username and password.

Authorization

The process of granting or denying a user access to network resources once the user has been authenticated through the username and password.

Accoutning

The process of keeping track of a user's activity while accessing the network resources. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.

ARAP

Short for Apple Remote Access Protocol, an Apple authentication protocol which uses challenges and responses, like CHAP, to avoid sending clear text passwords through the network.

AV pair

Attribute-Value pair, an entity consisting of a name and a value.

CHAP

Short for Challenge Handshake Authentication Protocol, a type of authentication in which the authentication agent (typically a network server) sends the client program a random value that is used only once and an ID value. Both the sender and peer share a predefined secret. The peer concatenates the random value (or nonce), the ID and the secret and calculates a one-way hash using MD5. The hash value is sent to the authenticator, which in turn builds that same string on its side, calculates the MD5 sum itself and compares the result with the value received from the peer. If the values match, the peer is authenticated.

Dictionary

Set of known RADIUS attribute names and their types.

Key

see Secret.

MS-CHAP, MS-CHAPv2

Short for Microsoft Challenge Handshake Authentication Protocol is a Microsoft authentication protocol that, like CHAP, avoids sending passwords in clear text.

NAS

Network Access Server. The device that accepts PPP connections and places clients on the network that the NAS serves. NAS is also called Terminal server.

Packet

A piece of data sent over a network and encapsulating RADIUS or TACACS message in a well-known format.

PAP

Short for Password Authentication Protocol, the most basic form of authentication, in which a user's name and password are transmitted over a network "in the clear" (that is, in an unencrypted form) and compared to a table of name-password pairs.

ProgID

A ProgID, or programmatic identifier, is a registry entry that can be associated with a CLSID. The format of a ProgID is <Vendor>.<Component>.<Version>, separated by periods and with no spaces, as in Word.Document.6. Like the CLSID, the ProgID identifies a class, but with less precision.

Proxy server

A server that sits between a client application and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.

RADIUS

Short for Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.

Secret (Key)

A string well known to both client and server and used to validate and/or encrypt data, transmitted between them.

Server

A process receiving requests from its clients, processing them and replying to a client.

Server extension

External module developed as COM server implementing some defined interfaces and used by ClearBox Server.

Server Manager

Graphic utility used to manage ClearBox Server, configure and monitor it.

State server

Some kind of database maintained by server extension where information on users currently logged onto the network is stored.

Synchronization

Process used by ClearBox Server to compensate loss of accounting data by synchronizing state server and NAS.

TACACS+

Short for Terminal Access Controller Access Control System, a protocol developed by Cisco Systems. Allows to exchange authentication, authorization and accounting data between a device that provides network access to users (the "TACACS+ client") and a device that contains authentication information for those users (the "TACACS+ server").

VSA

Vendor Specific Attributes; RADIUS attributes defined by vendors using the provision of attribute 26.