The Internet Authentication Service is the central component in Windows 2000 for authenticating, authorizing, and auditing users who connect to a network through a VPN or dial-up access. The IAS server is used with a RADIUS server. RADIUS is the authentication protocol most commonly used by ISPs. IAS uses data stored on a domain controller to verify the authentication requests received through the RADIUS protocol.
IAS uses the authentication protocols within PPP to authenticate users. These include Challenge Handshake Authentication Protocol (CHAP) and its Windows-specific variant, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP). Other methods of authentication include Extensible Authentication Protocol (EAP) for smart cards, certificates, and one-time passwords. Other methods are also supported, based on the telephone number that the user calls or calls from, although these methods are inherently less secure.