This essay, provided by the MiniTool group, gives the correct answer to the question “in Active Directory, what does authorization”. It also offers a detailed explanation of the answer and of the other, easily confused options.
Do you know what handles authorization in Active Directory? Kerberos, RADIUS, LDAP, TACACS+, or SAML?
About Active Directory
Active Directory (AD) is a directory service that maps the names of network resources to their respective network addresses. It is developed by Microsoft for Windows domain networks, a form of computer network in which all user accounts, computers, printers, and other security principals are registered with a central database located on one or more clusters of central computers called domain controllers.
Active Directory is included in most Windows Server operating systems (OS) and serves as a set of processes and services. Originally, AD managed only the centralized domain. Since then, it has become an umbrella title for a large range of directory-based, identity-related services.
A server running the Active Directory Domain Service (AD DS) is known as a domain controller. It authenticates and authorizes all users and computers in a Windows domain-type network, assigning and enforcing security policies for all computers and installing or updating programs.
The domain controller offers authentication and authorization mechanisms, allows management and storage of information, and establishes a framework to deploy other related services such as lightweight directory services, rights management services (RMS), Active Directory Federation Services (AD FS), and certificate services.
Active Directory makes use of Domain Name System (DNS), Microsoft’s version of Kerberos, as well as version 2 and version 3 of Lightweight Directory Access Protocol (LDAP).
In Active Directory, What Does Authorization?
Lightweight Directory Access Protocol (LDAP)
What Is Lightweight Directory Access Protocol?
Lightweight Directory Access Protocol (LDAP) is an open and vendor-neutral industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Lightweight Directory Access Protocol is specified in a series of Internet Engineering Task Force (IETF) Standard Track publications called Request for Comments (RFCs), using the description language ASN.1. LDAP is based on a simpler subset of the standards contained within the X.500 standard. So, it is also known as X.500-lite.
A common function of Lightweight Directory Access Protocol is to offer a central place to store usernames and passwords. This enables a lot of different services and programs to connect to the LDAP server to validate users.
As Lightweight Directory Access Protocol gained momentum, vendors began offering it as an access protocol to other services. The implementation then recasts the data to mimic the LDAP/X.500 model, but how closely this model is followed varies.
Similarly, data previously held in other types of data stores is sometimes moved to Lightweight Directory Access Protocol directories. Usually, LDAP is used by other services for authentication or for authorization, that is, deciding what actions a given, already-authenticated user may perform on which service.
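The pattern described above, a service validating a user against a directory and then deciding what that user may do, looks like the following in code. This is an added example, not code from the article or from Microsoft: a real service would use an LDAP client library (such as python-ldap or ldap3) against a domain controller, whereas here the directory is a constructed in-memory stand-in with hypothetical DNs so the example runs offline. The security-relevant detail is the RFC 4515 escaping of the username before it is placed in a search filter, which keeps untrusted input from changing the meaning of the filter (LDAP injection), and the separation of the authentication step (a simple bind) from the authorization step (a group-membership check).

```python
# Added example (not from the MiniTool article). A service that validates users
# against an LDAP directory typically (1) looks up the user's entry, (2) binds
# with the user's credentials to authenticate, and (3) checks group membership
# to authorize. The directory below is a constructed in-memory stand-in with
# hypothetical DNs; real code would issue the filter built by user_filter()
# to an LDAP server instead of scanning a dict.

# RFC 4515 section 3: these characters must be escaped in an assertion value
# so that user input is matched literally instead of being parsed as filter syntax.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username: str) -> str:
    """Build the search filter for a user's entry; username is untrusted input."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


# Constructed sample directory entries (hypothetical DNs and passwords, not real data).
DIRECTORY = {
    "CN=alice,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"],
        "sAMAccountName": "alice",
        "userPassword": "correct horse",  # stand-in for the server-side bind check
        "memberOf": ["CN=Admins,OU=Groups,DC=example,DC=com"],
    },
    "CN=bob,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"],
        "sAMAccountName": "bob",
        "userPassword": "hunter2",
        "memberOf": ["CN=Staff,OU=Groups,DC=example,DC=com"],
    },
}


def find_user_dn(username: str):
    """Search step: return the DN of the single user entry with this sAMAccountName.

    This is the in-memory equivalent of searching with user_filter(username);
    exactly one match is required so an ambiguous lookup never authenticates anyone.
    """
    matches = [
        dn for dn, entry in DIRECTORY.items()
        if "user" in entry["objectClass"] and entry["sAMAccountName"] == username
    ]
    return matches[0] if len(matches) == 1 else None


def simple_bind(dn: str, password: str) -> bool:
    """Authentication step: stand-in for an LDAP simple bind (RFC 4511 section 4.2)."""
    entry = DIRECTORY.get(dn)
    # An empty password is rejected explicitly: a real server treats an empty
    # simple bind as anonymous, which would otherwise "succeed" for any user.
    if entry is None or password == "":
        return False
    return entry["userPassword"] == password


def is_authorized(username: str, password: str, required_group: str) -> bool:
    """Authenticate the user, then authorize by required group membership."""
    dn = find_user_dn(username)
    if dn is None or not simple_bind(dn, password):
        return False
    return required_group in DIRECTORY[dn]["memberOf"]


if __name__ == "__main__":
    admins = "CN=Admins,OU=Groups,DC=example,DC=com"
    print(user_filter("alice"))
    print(user_filter("*)(cn=*"))  # wildcard and parentheses are neutralised
    print(is_authorized("alice", "correct horse", admins))  # True
    print(is_authorized("bob", "hunter2", admins))          # False: wrong group
```

The two failure modes worth noting are both in the authorization path: a username that matches zero or several entries is rejected rather than taking the first hit, and an empty password is refused before the bind, because an LDAP simple bind with an empty password is an anonymous bind and would otherwise pass the authentication step for any known user.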
About other Options for the Question “In Active Directory, What Does Authorization”
Kerberos
Kerberos is a computer network authentication protocol that works based on tickets. It enables nodes to communicate over a non-secure network to prove their identity to one another in a secure manner.
Kerberos is designed mainly as a client-server model and it provides mutual authentication. Relying on Kerberos, both the server and the user verify each other’s identity.
Remote Authentication Dial-In User Service
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA or Triple-A) management for users who connect and use a network service.
Terminal Access Controller Access-Control System
Terminal Access Controller Access-Control System (TACACS) is a family of related protocols handling remote authentication and related services for networked access control via a centralized server.
The original Terminal Access Controller Access-Control System protocol, dating back to 1984, was used to communicate with an authentication server, common in older UNIX networks. Later, two related protocols were derived from TACACS: extended TACACS (XTACACS) and Terminal Access Controller Access-Control System Plus (TACACS+).
Terminal Access Controller Access-Control System Plus was developed by Cisco and released as an open standard beginning in 1993. Though derived from TACACS, TACACS+ is a separate protocol handling authentication, authorization, and accounting services. It has widely replaced its predecessors.
Security Assertion Markup Language
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, especially between a server and an identity provider. It is also an XML-based markup language, a set of XML-based protocol messages, a set of protocol message bindings, as well as a set of profiles.