An authentication server provides a network service that applications use to authenticate the credentials, usually account names and passwords, of their users. When a client sends a valid set of credentials, it receives a cryptographic ticket that it can subsequently use to access various services.
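The exchange in the paragraph above, as an added example that is not part of the original page: an authentication server checks a password and issues a ticket, and a service later verifies that ticket. It is a simplified sketch that uses an HMAC-signed, expiring ticket and a key shared with the service, not Kerberos; the account, key and function names are assumptions.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo data: one account, and a key shared by the authentication
# server and the services that accept its tickets (all names are hypothetical).
TICKET_KEY = os.urandom(32)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_ticket(user, password, lifetime=300, now=None):
    """Authentication server: check credentials, return a signed ticket or None."""
    now = time.time() if now is None else now
    # Unknown users get a dummy record so the password hash is still computed.
    salt, stored = USERS.get(user, (b"\0" * 16, b"\0" * 32))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(candidate, stored) or user not in USERS:
        return None
    body = json.dumps({"sub": user, "exp": now + lifetime}).encode()
    tag = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_ticket(ticket, now=None):
    """Service: return the user name if the MAC is valid and the ticket is unexpired."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)
    return claims["sub"] if claims["exp"] > now else None

if __name__ == "__main__":
    t = issue_ticket("alice", "correct horse")
    print("ticket accepted for:", verify_ticket(t))
    print("bad password ticket:", issue_ticket("alice", "guess"))
```

The service never sees the password: it trusts the ticket only because the MAC verifies under the shared key and the expiry time has not passed.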
Authentication is the basis for authorization, which is the determination of whether a privilege can be granted to a particular user or process; privacy, which prevents information from being known by non-participants; and non-repudiation, which is the inability to deny having done something that was authorized to be done based on authentication. Key authentication algorithms include passwords, Kerberos, and public key encryption.
An authentication server is an application that facilitates the authentication of an entity attempting to access a network. Such an entity may be a human user or another server. An authentication server can reside on a dedicated computer, an Ethernet switch, an access point, or a network access server.
Authentication is the process of determining whether someone or something is really who or what it is claimed to be. When a potential subscriber accesses an authentication server, a user name and password may be the only required identification data. In a more sophisticated system called Kerberos, the subscriber must request and receive an encrypted security token that can be used to access a particular service. RADIUS (Remote Authentication Dial-In User Service) is a commonly used authentication method. TACACS+ (Terminal Access Controller Access Control System Plus) is similar to RADIUS but is used with Unix networks. RADIUS uses UDP (User Datagram Protocol) and TACACS+ uses TCP (Transmission Control Protocol).