
The figure shows a five-step process of how the server
authenticates Fred. Authentication, the first "A" in
AAA, is the process of determining if the user is who he says he is. The steps
shown in the figure are as follows:
1. Fred requests a web page.
2. The web server replies, asking Fred's PC for a username and password.
3. Fred types in his username and password, and his PC sends them back to the web server.
4. The web server checks its list of usernames and verifies that the password is correct.
5. If the username and password are correct, the web server returns the contents of the web page.
Fred is happy so far because he still gets his web page. Later,
Fred will want to read his e-mail, and he'll have to plug in a username and password
to use a POP3 server. He might want to transfer files using FTP and will need a
username and password for that too. But Fred's still good old Fred, and there's no need for
him to have three sets of usernames and passwords, one for each application
server.
To solve the problem, the usernames and passwords can be kept
on a single server called an authentication server, and the
various application servers can then query the authentication server instead of each
keeping its own copy of the password list. Depending
on the operating systems that run on the application servers and how they are
configured, they can use different products and protocols between the
application servers and the authentication server. For instance, with Microsoft,
the authentication server might be called a domain controller, or an Active
Directory server. With UNIX, a protocol called Kerberos might be used (Active
Directory also uses Kerberos for its authentication).
Regardless of the details of the authentication server and the protocols used,
the basic flow works as shown in Figure
17-2.
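The following is an added example, not code from the book, that walks through the five-step exchange above using HTTP Basic authentication (a 401 challenge, then a retry carrying the credentials) and then shows the second point: a web server and a POP3-style mail server both handing the "is this password right?" question to one shared authentication server. The class and function names (AuthenticationServer, WebServer, MailServer, run_exchange), the realm string, and the user "fred" with his password are assumptions made for the example. The store keeps salted PBKDF2 hashes rather than clear-text passwords and compares them in constant time; note that Basic authentication itself only base64-encodes the credentials, so in practice it is only safe over TLS.

```python
import base64
import hashlib
import hmac
import os


def _hash(password, salt):
    """Salted PBKDF2-HMAC-SHA256 of the password (what the auth server stores)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AuthenticationServer:
    """Hypothetical central credential store queried by every application server."""

    def __init__(self):
        self._users = {}  # username -> (salt, hash)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def verify(self, username, password):
        """Step 4: look the user up and check the password."""
        record = self._users.get(username)
        if record is None:
            # Hash anyway so an unknown user takes as long as a wrong password.
            _hash(password, b"\x00" * 16)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _hash(password, salt))


def basic_header(username, password):
    """Step 3, client side: encode 'user:password' as an Authorization header."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic(header):
    """Decode an Authorization header; returns (user, password) or None if malformed."""
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return None
    return username, password


class WebServer:
    """Application server: does the HTTP steps, delegates the password check."""

    def __init__(self, auth, realm="example"):
        self.auth = auth
        self.challenge = {"WWW-Authenticate": f'Basic realm="{realm}"'}

    def handle(self, headers):
        """Returns (status, response headers, body) for one request."""
        header = headers.get("Authorization")
        if header is None:
            return 401, self.challenge, ""  # step 2: ask for credentials
        creds = parse_basic(header)
        if creds is None:
            return 400, {}, "malformed Authorization header"
        username, password = creds
        if not self.auth.verify(username, password):
            return 401, self.challenge, ""  # wrong password: challenge again
        return 200, {"Content-Type": "text/html"}, "<html>Hello Fred</html>"  # step 5


class MailServer:
    """POP3-style login that reuses the same authentication server."""

    def __init__(self, auth):
        self.auth = auth

    def login(self, username, password):
        return "+OK" if self.auth.verify(username, password) else "-ERR"


def run_exchange(auth, username, password):
    """Drive steps 1-5 against a WebServer; returns the status codes seen."""
    web = WebServer(auth)
    first_status, _, _ = web.handle({})  # step 1: plain request, no credentials
    second_status, _, _ = web.handle({"Authorization": basic_header(username, password)})
    return [first_status, second_status]


if __name__ == "__main__":
    auth = AuthenticationServer()
    auth.add_user("fred", "correct horse")  # constructed sample user
    print(run_exchange(auth, "fred", "correct horse"))  # [401, 200]
    print(run_exchange(auth, "fred", "wrong"))          # [401, 401]
    print(MailServer(auth).login("fred", "correct horse"))  # +OK
```

The same `AuthenticationServer` instance answers for both the web and mail servers, which is the whole point of the second paragraph: Fred has one password, and neither application server ever holds the password list itself.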