Authentication,Authorization And Accounting?

If radius is Authuntication protocol why use kerberos,pap,c开发者_开发知识库hap,... ?

---

The Remote Authentication Dial-In User Service (RADIUS) protocol provides authentication, authorization, and accounting (AAA) for dial-in infrastructures, and it uses the same account and password to log into your company network through modem, WiFi, or a VPN tunnel. RADIUS has many carrier-grade features (the whole accounting part, for example) and is designed to operate in explicitly configured backbone networks. But it is not well suited for PC and workstation networks and doesn't have the single-sign-on capability offered by Kerberos.

On the Other Hand, Kerberos provides an encrypted authentication service using shared secret keys. Kerberos can also support authentication via public key cryptography, but this is not covered by RFC 4120. Kerberos does not provide an authorization service, but Kerberos does support pass-through to other authorization services. Kerberos does not provide an accounting service.

For More Information about the PAP and CHAP, refer the following url http://www.zeroshell.net/eng/kerberos/

and this url too you can refer http://www.firewall.cx/ftopict-2679-.html

---

RADIUS (Remote Authentication Dial In User Service), defined in RFC 2865, is a protocol for remote user authentication and accounting.

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

---

Suppose you have Vodafone or Orange Telecom operator's connectivity at your home for internet connectivity.so,you will be needing a particular user id and password to access that. Here Radius Protocol is used.

Technically, if you see the network file(.pcap file) that Wireshark Tool uses. You will see that it contains Attribute Value Pairs that contains user name, password fields.

Radius uses CHAP password.So, it is more secured in terms of middle attack. I hope you got my point