The importance of the RADIUS shared secret and security:
- Provides data integrity; meaning that you have confidence that the information received came from the trusted (by knowing the secret) source without modification.
- Protects the user password during PAP authentication. Knowing the RADIUS shared secret, the clear-text password can be derived from the PAP encoded password.
- Protects the RADIUS server from a variety of attacks by requiring all RADIUS data pass verification against the shared secret. Typically, this means the RADIUS server simply does not process the data, dropping the RADIUS requests.
- Select strong shared secrets. Use one for each client, as much as possible. It is also recommended to have all RADIUS protected in a secure tunnel such as a VPN or RadSec.
For more information on RADIUS security, here are a variety of links: