Services can get information about how to identify users, and what users are allowed to do, from various sources. For instance, they can keep local files (this is what Unix web servers do when they use “basic” authentication), or they can use the operating system’s normal methods (this is what Windows NT web servers do when they use “Windows NT Challenge/Response” authentication). However, there is now a third popular option, a centralized authentication service that is independent of the specific service and the specific computer the service is running on. That service makes up part of something often referred to as an AAA server.
An AAA server (sometimes spoken as “Triple A server”) provides authentication, authorization, and auditing services:
The process of obtaining verified, proven identification. Authentication determines who somebody or something is.
The process of determining what somebody can do. Don’t confuse authentication and authorization. Authentication is a prerequisite for authorization (unless everybody is authorized to do something, such as anonymous FTP).
Provides information on when authentication and authorization was granted or denied.
Authentication services attempt to prove identity, to ensure that you know what person you are dealing with. This task can be very easy if it doesn’t matter very much and you are in an environment you trust, or very difficult if people may be trying ...