August 7, 2009
Authentication, Authorization and Accounting (AAA) is an IP-based networking framework used to control what computer users on a network have access to and to keep track of what each user is doing over the network.
Authentication refers to confirming whether a user who is requesting services is a valid user. Authentication is accomplished by presenting an identity and some credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
Authorization refers to what a user is permitted to do based on their authentication, such as being given access to a particular service on a website while being restricted from using other services. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user.
Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time.
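The three functions described above can be seen working together in a minimal in-memory sketch. This is an added example, not code from the original post. The `AAAServer` class, the user table, the salt and the sample password are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, time

SALT = b"constructed-salt"  # constructed sample value
def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
# Constructed sample user: credential plus the three restriction types.
USERS = {"alice": {"pw": _hash("correct horse"),
                   "hours": (time(8, 0), time(18, 0)),  # time-of-day
                   "locations": {"office", "vpn"},      # physical location
                   "max_sessions": 1}}                  # multiple logins

@dataclass
class AAAServer:
    sessions: dict = field(default_factory=dict)    # user -> active sessions
    batch: list = field(default_factory=list)       # batch: saved for later
    delivered: list = field(default_factory=list)   # records already delivered

    def authenticate(self, user: str, password: str) -> bool:
        rec = USERS.get(user)
        candidate = _hash(password)  # always hash, even for unknown users
        return rec is not None and hmac.compare_digest(rec["pw"], candidate)

    def authorize(self, user: str, location: str, now: datetime) -> str:
        rec = USERS[user]
        if not rec["hours"][0] <= now.time() <= rec["hours"][1]:
            return "deny: time-of-day"
        if location not in rec["locations"]:
            return "deny: location"
        if self.sessions.get(user, 0) >= rec["max_sessions"]:
            return "deny: multiple logins"
        return "permit"

    def login(self, user, password, location, now, realtime=True) -> str:
        result = "deny: authentication"
        if self.authenticate(user, password):
            result = self.authorize(user, location, now)
        if result == "permit":
            self.sessions[user] = self.sessions.get(user, 0) + 1
        # Accounting: real-time records go out now, batch records wait.
        event = (now.isoformat(), user, location, result)
        (self.delivered if realtime else self.batch).append(event)
        return result

    def flush_batch(self) -> None:
        self.delivered.extend(self.batch)
        self.batch.clear()
```

Every login attempt produces an accounting record whether it is permitted or denied, so failed authentications and policy denials are visible to whoever reviews the records.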
List of AAA Protocols
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for controlling access to network resources. RADIUS is commonly used by ISPs and corporations to manage access to the Internet or internal networks across an array of access technologies including modem, DSL, wireless and VPNs.
It’s an upgrade of the RADIUS protocol.
Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server. TACACS allows a remote access server to communicate with an authentication server in order to determine whether the user has access to the network.
TACACS allows a client to accept a username and password and send a query to a TACACS authentication server. This server was normally a program running on a host. The host would determine whether to accept or deny the request and send a response back.