Authentication, Authorization, and Accounting, together known as AAA, are three functions used in IT to control access to resources such as networks, services, and servers. AAA consists of three steps, each building on the previous one to provide complete security.
What Is Authentication?
Authentication is the method of recognizing a user or party. It verifies the user with user-provided data, usually a username and password. Authentication is essential for security: without identifying users, no security controls or related restrictions can be applied. Authentication methods include certificates, public/private keys, tokens, images, etc. Usually, authentication relies on a single method, but more recently multiple methods can be required for a single authentication; this is called 2-factor authentication or multi-factor authentication.
What Is Authorization?
After the user is confirmed, they must be authorized according to their rights. Authorization defines and sets the rights of the authenticated user. It generally uses privilege levels, placing the authorized user into a privilege level or user group such as user, editor, moderator, superuser, or administrator, so that user rights can be controlled simply and easily.
What Is Accounting?
If the user is successfully authenticated and authorized, they are granted access to the system or resource. The user then uses resources, networks, systems, or services according to the provided privileges. While these resources are in use, the user's access is logged and saved; this is called Accounting, and it is used to track user usage.
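The three steps described above, chained into one access decision. This is an added example, not code from the original page; the user names, passwords, groups, and privilege sets are constructed sample data, and recording failed and denied attempts in the accounting log is an assumption of this sketch.

```python
import hashlib, hmac, os, time

# Constructed sample data: groups and their privileges (hypothetical).
PRIVILEGES = {"user": {"read"}, "editor": {"read", "write"},
              "administrator": {"read", "write", "configure"}}

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, group: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "group": group}

# Constructed sample users (hypothetical).
USERS = {"alice": make_user("correct horse", "editor"),
         "bob": make_user("hunter2-sample", "user")}

ACCOUNTING_LOG = []  # accounting: one record per access decision

def authenticate(username: str, password: str) -> bool:
    """Authentication: verify the claimed identity against stored credentials."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown users take about as long as known ones.
        _hash(password, b"\x00" * 16)
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: check the action against the user's group privileges."""
    return action in PRIVILEGES.get(USERS[username]["group"], set())

def access(username: str, password: str, action: str) -> str:
    """Run the three AAA steps in order and return the outcome."""
    if not authenticate(username, password):
        result = "auth_failed"
    elif not authorize(username, action):
        result = "denied"
    else:
        result = "granted"
    # Accounting: record every attempt, including failures and denials.
    ACCOUNTING_LOG.append({"time": time.time(), "user": username,
                           "action": action, "result": result})
    return result
```

Authorization is only reached after authentication succeeds, and the accounting record is written on every path, so the log can be used to review denied and failed attempts as well as granted access.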
The following are the common protocols.
TACACS and AAA
TACACS or TACACS+ is an AAA protocol built by Cisco for use with its network-based products. TACACS is the first generation of the protocol, whereas TACACS+ is the next-generation AAA protocol with advanced features.
RADIUS and AAA
RADIUS is another AAA protocol that offers features and support very similar to TACACS. RADIUS is an open standard and a generally accepted protocol.
LDAP and AAA
LDAP is another common protocol that performs authentication and authorization, similar to AAA. LDAP provides authentication and authorization in an open way that is supported by many different devices, systems, and software. LDAP stores user data such as username, ID, password, home path, certificate, etc., checks the provided credentials against it, and delivers the result.