AAA server , is known as Authentications, Authorizations and Accouting Server, and it used for access control. Authentication identifies the user. Authorization implements policies that determine which resources and services a valid user may access. Accounting keeps track of time and data resources used for billing and analysis.
Authentication
This is kind of process to establish a digital identity between entities which refering to a client and a server. The authentication is done via presenting an identity ( i.e. login user name ) and a credentials ( i.e. password, digital certificates, one-time-token etc. )
Authorization
This is a process for granting privileges ( or blocking ) to a client by server after authentication process, what privilege requested and the current system state. The authorization is based on :
- Time-of-day restriction.
- Physical location restriction.
- Restrictions again multiple login at a single point of time.
- Ability to gain access to certain service :
- IP address and TCP/IP settings.
- Routing information
- QoS
- Bandwidth allocated.
- Encryptions and tunnelling
- and so on.
Accounting
This process is to collect the consumption information of an user for network management, planning, billing purposes etc. There are some typical information that being gathered are the identity of the user, the nature of the service delivered and the period that the service being used.
Type of AAA Protocol
There are few common types of AAA protocol, which are :
- Radius
- DIAMETER
- TACACS
- TACACS+
Some combinations with the protocol and AAA protocol above are being used :
- PPP
- EAP
- PEAP
- LDAP etc.
Refers : The webpage of the Authentication, Authorization and Accounting IETF working group
I will continue in Radius and Diameter AAA protocol in the following posts, remember to come back ya...~
No comments:
Post a Comment