Symantec Privileged Access Management

Tech Tip - CA Privileged Access Manager: RADIUS Server Redundancy in PAM 

Mar 02, 2017 06:21 AM

When PAM is configured with a list of RADIUS servers (more than 1), the system sends the authentication request to all of the RADIUS server. Only if it gets an OK from all will the user be authenticated. If you use one-time passwords you cannot send the same OTP to multiple servers. It should fail the second time as a reuse of an OTP.

If you want to have redundancy on the RADIUS servers you must use an external load balancer and only configure one RADIUS server in PAM - the LB interface to your RADIUS servers.

 

There's a New Enhancement to have the ability to work with multiple RADIUS servers:

Redundent Radius Servers 

Statistics
0 Favorited
9 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.