L16 - T16B - S4 – Radius, TACACS+, and Kerberos

• AAA server (Authentication, Authorisation and Accounting)

• Network Directory

Enterprise Authentication uses _____ and _____

• These components can be implemented by several different protocols

RADIUS — Remote Authentication Dial-in User Service

AAA protocol used to manage remote and wireless authentication infrastructures e.g. wireless and VPN users– (A+) 

• One way of implementing the AAA server when configuring enterprise authentication

Mechanism

• Wireless access point is configured as a client of the [answer] server

  • Rather than storing and validating user credentials directly,

  • AP forwards this data between the [answer] server and the supplicant without being able to read it

  • The wireless AP must be configured with the host name or IP address of the [answer] server and a shared secret.  

  • The shared secret allows the [answer] server and AP to trust one another

TACACS+ — Terminal Access Controller Access Control System Plus

AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management – (A+)

• Used in authenticating administrative access to

  • Routers, switches, and access points

Kerberos

On Windows networks, [answer] allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment

• Facilitates single sign-on (SSO)

  • [answer] server issues authorization tickets that give the user account rights and permissions on compatible application servers

• In practice, there are no access points with direct support for [answer]

• In theory, an access point could allow a user to authenticate directly to a directory server using the [answer] protocol

True

• Access points use RADIUS or TACACS+ and EAP

  • To tunnel the credentials and tokens that allow a domain user connecting via a wireless client to authenticate to a DC and use SSO authorizations

True or False: In practice, there are no access points with direct support for Kerberos.