aaa计费请求_什么是AAA(身份验证,授权和计费)?
aaa计费请求
AAA or Authentication, Authorization and Accounting is a term used to describe 3 functions in IT. Mainly AAA is used to control access to different IT resources like network, service, server, etc. AAA simply consists of 3 steps where each completes others for perfect security.
AAA或Authentication, Authorization and Accounting是一个术语,用于描述IT中的3个功能。 AAA主要用于控制对不同IT资源(如网络,服务,服务器等)的访问。AAA仅包含3个步骤,每个步骤都可以完成其他步骤,以实现完美的安全性。
什么是身份验证? (What Is Authentication?)
Authentication is the process of identifying a user or party. In a simple way validating the user with generally user-provided data which is generally a username and password. For example, during the login of the Gmail, we will require to put the correct and existing username and password for authentication. Authentication is also important for security where without identifying users there will be no security and related restrictions. There are also different authentication methods like certification, public/private keys, tokens, images, etc. Authentication generally requires a single method to pass but recently multiple authentication methods can be used for a single authentication which is generally called 2-factor authentication or multi-factor authentication.
Authentication是识别用户或参与方的过程。 以一种简单的方式使用通常由用户提供的数据(通常是用户名和密码)来验证用户。 例如,在登录Gmail时,我们将要求输入正确和现有的用户名和密码进行身份验证。 身份验证对于安全性也很重要,因为如果不标识用户,就不会有安全性和相关限制。 也有不同的身份验证方法,例如证书,公钥/私钥,令牌,图像等。身份验证通常需要通过一种方法,但是最近,可以将多种身份验证方法用于一种身份验证,通常称为两要素身份验证或多因素身份验证。因素认证。
什么是授权? (What Is Authorization?)
The second step for AAA is Authorization . After the user is authenticated it should be authorized according to its privileges. A low-level user shouldn’t have a high level or administrator-level privileges. The authorization will strictly specify and set the authenticated user rights. Authorization generally use privilege levels where puts authorized user into a privileges level or user group like the user, editor, moderator, superuser, an administrator in order to manage user rights in a simple and easy way.
AAA的第二步是Authorization 。 用户通过身份验证后,应根据其权限进行授权。 低级用户不应具有高级别或管理员级特权。 授权将严格指定和设置经过身份验证的用户权限。 授权通常使用特权级别,其中将授权用户置于特权级别或用户组中,例如用户,编辑者,主持人,超级用户,管理员,以便以简单易用的方式管理用户权限。
什么是会计? (What Is Accounting?)
When the user is authenticated and authorized successfully it is entered into the system or provided resource. The user will use resources, networks, systems, or services according to the provided privileges. While using these resources the user access is logged and stored which is called as Accounting in order to track user usage.
成功验证和授权用户后,会将其输入系统或提供的资源。 用户将根据提供的特权使用资源,网络,系统或服务。 在使用这些资源时,将记录并存储用户访问权限,这称为“ Accounting ,以便跟踪用户使用情况。
TACACS和AAA (TACACS and AAA)
Tacacs or Tacacs+ is an AAA protocol that is created by Cisco in order to use its network-based products. Tacacs is the first generation of the protocol where Tacacs+ is a next-generation AAA protocol with advanced features.
Tacacs或Tacacs +是Cisco创建的AAA协议,以使用其基于网络的产品。 Tacacs是该协议的第一代,其中Tacacs +是具有高级功能的下一代AAA协议。
RADIUS和AAA (RADIUS and AAA)
Radius is another AAA protocol that provides very similar features and services to the Tacacs. Radius is an open standard and widely used protocol that is defined with RFCs.
Radius是另一个AAA协议,提供与Tacacs非常相似的功能和服务。 Radius是使用RFC定义的开放标准和广泛使用的协议。
LDAP和AAA (LDAP and AAA)
LDAP is another popular protocol that provides authentication and authorization which is related to the AAA. As a popular protocol LDAP provides authentication and authorization in an open way which is supported by a lot of different devices, systems, and software. LDAP stores the user information like username, id, password, home path, certificate, etc. and check the authentication with the provided credentials and returns the result. LDAP also provides authorization information for users.
LDAP是另一个流行的协议,它提供与AAA相关的身份验证和授权。 LDAP作为一种流行的协议,以开放的方式提供认证和授权,许多不同的设备,系统和软件都支持LDAP。 LDAP存储用户信息,例如用户名,ID,密码,家庭路径,证书等,并使用提供的凭据检查身份验证并返回结果。 LDAP还为用户提供授权信息。
翻译自: https://www.poftut.com/what-is-aaa-authentication-authorization-and-accounting/
aaa计费请求