To take AAA a step further, imagine that you are about to take a vacation. You are going to take a commercial airline to your vacation hot spot. The airplane has a couple of rows in the front with very nice, wide, comfortable leather seats. You would prefer to sit here instead of in the seats that are farther back, because those are stiff, uncomfortable, and do not offer much leg room. Unfortunately, if you purchased a coach class ticket, you cannot sit in a first-class seat in the front of the plane. The authorization function of AAA works in a similar way. If you have a "coach" authorized ticket, you cannot access "first-class resources." This information is all kept in the airline's computer and can easily be verified by looking your name up in the computer and referencing the seat assignment.

Authorization is a method of providing certain privileges or rights to remote users for services requested. Support for authorization includes IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet. Authorization can be configured for the group to which a user belongs or on an individual user basis. User authorization overrides group authorization. Authorization can be configured locally in some cases or kept on a remote AAA server. The remote server might be easier to administer, depending on your network environment.

Authorization is the second module of the AAA framework. The following steps are needed for authorization to take place:
A method list configures authentication; a method list is also configured to define methods of authorization. It is necessary to authenticate a user before you can determine what that user is authorized to do. Therefore, authorization requires authentication.
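The rules above (authentication first, an ordered authorization method list, user attributes overriding group attributes) can be seen working together in a small model. This is an added Python illustration, not code from the original text or from any AAA product; the users, groups, attribute values, and function names are constructed, and moving to the next method only when a method does not respond is an assumption of the model.

```python
# Added illustration: a toy model of AAA authorization, not vendor code.
# All users, groups and attribute values below are constructed samples.

class Unreachable(Exception):
    """The method (for example a remote AAA server) did not respond."""

GROUPS = {"coach": {"telnet": False, "ip": True},
          "first-class": {"telnet": True, "ip": True}}
USERS = {"alice": {"group": "coach", "attrs": {"telnet": True}},
         "bob": {"group": "coach", "attrs": {}}}

def effective_attrs(user):
    """Start from the group profile, then apply per-user attributes on top:
    user authorization overrides group authorization."""
    profile = USERS[user]
    merged = dict(GROUPS[profile["group"]])
    merged.update(profile["attrs"])
    return merged

def remote_server(user, service):
    """Remote AAA server holding the full user and group profiles."""
    return effective_attrs(user).get(service, False)

def remote_down(user, service):
    """The same server, simulated as not responding."""
    raise Unreachable("remote AAA server timed out")

def local_db(user, service):
    """Constructed local fallback policy: known users get 'ip' only."""
    return user in USERS and service == "ip"

def authorize(session, service, method_list):
    """Walk the authorization method list in order and return True/False.
    An unauthenticated session is rejected before any method is consulted."""
    if not session.get("authenticated"):
        return False
    for method in method_list:
        try:
            return method(session["user"], service)  # first answer is final
        except Unreachable:
            continue  # assumption: only a non-response moves to the next method
    return False  # no method answered: deny by default
```

With the remote server down, `alice` loses the Telnet right that her user-level override granted, because the local fallback knows nothing about it; a fallback method can silently change what users are authorized to do.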