Wednesday, April 23, 2008

Centralized Remote Access

The main protocols that centralize remote access are RADIUS, TACACS and DIAMETER.

A good centralized remote access solution must support the following protocols:
* CHAP
* PAP
* Unix Login
* SecurID
* Novell NDS
* Microsoft domain authentication systems

RADIUS


Remote Authentication Dial-In User Service.
RADIUS is a networking protocol that uses access servers to provide centralized management of access to large networks. RADIUS is commonly used by ISPs and corporations managing access to the Internet or internal networks employing a variety of networking technologies, including modems, DSL, wireless and VPNs.
RFC: 2138
Port: 1813/udp
RADIUS uses a challenge/response method for authentication. It uses the MD5 algorithm to encrypt password information.
The primary purpose of the accounting data is to let the user be billed accordingly; the data is also commonly used for statistical purposes and for general network monitoring.
User names can include realms, like: somedomain.com\username@anotherdomain.com

TACACS


Terminal Access Controller Access Control System.
Multi-factor authentication.
Extended TACACS (XTACACS) adds more intelligence in the server.
TACACS+ adds encryption to all transmissions and a challenge/response option.
Unlike RADIUS, TACACS+ stores all server options and authentication information in a single file. Some improvements over RADIUS are:
* The shared secret key and accounting information are specified in the configuration file.
* Site-specific extensions are supported by customizable variable length parameter data.
* TCP ensures reliable delivery.

DIAMETER


It builds on the strengths of RADIUS while improving encryption, authentication, authorization, accounting, and the ability to connect to multiple service providers.
Operates in a peer-to-peer mode instead of client/server.
Is capable of supporting any number of connection, authentication, authorization, and account types.
Is made up of a base protocol and extension modules.

1 comment:

Unknown said...

You might be interested in RHUB http://www.rhubcom.com, Remote Access. It is a platform-independent solution that enables multiple PC management remotely. Remote control is instant and faster, and there are some great features such as remote reboot, remote auto reconnection, firewall and proxy-compliance, file transfer, and interactive chat.