Authentication, Authorization and Accounting is a term used to describe 3 functions in IT. Mainly AAA is used to control access to different IT resources like network, service, server, etc. AAA simply consists of 3 steps where each completes others for perfect security.
What Is Authentication?
Authentication is the process of identifying a user or party. In a simple way validating the user with generally user-provided data which is generally a username and password. For example, during the login of the Gmail, we will require to put the correct and existing username and password for authentication. Authentication is also important for security where without identifying users there will be no security and related restrictions. There are also different authentication methods like certification, public/private keys, tokens, images, etc. Authentication generally requires a single method to pass but recently multiple authentication methods can be used for a single authentication which is generally called 2-factor authentication or multi-factor authentication.
What Is Authorization?
The second step for AAA is
Authorization . After the user is authenticated it should be authorized according to its privileges. A low-level user shouldn’t have a high level or administrator-level privileges. The authorization will strictly specify and set the authenticated user rights. Authorization generally use privilege levels where puts authorized user into a privileges level or user group like the user, editor, moderator, superuser, an administrator in order to manage user rights in a simple and easy way.
What Is Accounting?
When the user is authenticated and authorized successfully it is entered into the system or provided resource. The user will use resources, networks, systems, or services according to the provided privileges. While using these resources the user access is logged and stored which is called as
Accounting in order to track user usage.
TACACS and AAA
Tacacs or Tacacs+ is an AAA protocol that is created by Cisco in order to use its network-based products. Tacacs is the first generation of the protocol where Tacacs+ is a next-generation AAA protocol with advanced features.
RADIUS and AAA
Radius is another AAA protocol that provides very similar features and services to the Tacacs. Radius is an open standard and widely used protocol that is defined with RFCs.
LDAP and AAA
LDAP is another popular protocol that provides authentication and authorization which is related to the AAA. As a popular protocol LDAP provides authentication and authorization in an open way which is supported by a lot of different devices, systems, and software. LDAP stores the user information like username, id, password, home path, certificate, etc. and check the authentication with the provided credentials and returns the result. LDAP also provides authorization information for users.