Radius, TACACS+, and Kerberos

Radius

Remote Authentication dial-In User Service (RADIUS) is a mechanism for implimenting the Authentication, Authorization, and Account (AAA) server with enterprise authentication.

Radius servers have no ability to read user credentials but rather act as a node in the system knowing where to forward a authentication request.

The wireless access point must be configured with the host name or IP address of the RADIUS server and a shared secret. The shared secret allows the RADIUS server and access point to trust one another.

TACACS+

Terminal Access Controller Access Control system Plus (TACACS+) is another mechanism for implemtnation the Authentication, Authorization, and Account (AAA) server with enterprise authentication.

Developed by CISCO Open used for VPN connections for users

Kerberos

Kerberos is a way of authenticating a user against a windows Domain Controller (DC) over a trusted local cable segment, as a Single Sign On (SSO).

Users are provided a ticket which the system then can use as a way for identifying possible rights and permisions on servers.