A - B

| Term | Definition |
|---|---|
| A-V Pair | Attribute-value pair. |
| AAA | Abbreviation for Authentication, Authorization, and Accounting. |
| AAA Server | A software application that performs authentication, authorization, and accounting functions. |
| Access-Accept | The AAA Server returns an Access-Accept to the client when an Access-Request is valid. The Access-Accept will contain A-V pairs that specify what services the authenticated user is authorized to use. |
| Access-Challenge | The AAA Server returns an Access-Challenge to the client when it is necessary to issue a challenge that the user must respond to. The client will resubmit the request with the user-supplied information to the AAA Server. |
| Access-Reject | The AAA Server returns an Access-Reject to the client when an Access-Request is invalid. |
| Access-Request | Created by the client, the Access-Request contains A-V Pairs, such as the user's name, password, and ID of the client. The client submits the Access-Request to an AAA Server. If the server can validate the client, the server will attempt to match a user entry in its database with information in the Access-Request to authenticate the user. |
| Accounting | Logging session and usage information for session control and billing purposes. |
| Administrator | Special user, known by the system on which the AAA Server is running. The administrator is able to configure and to manage the AAA Server. |
| Application Service Provider | Third-party entities that manage and distribute software-based services and solutions to customers across a wide area network from a central data center, abbreviated as ASP. |
| ASP | Application Service Provider. |
| Attribute-Value Pair | The RADIUS protocol defines things in terms of attributes. Each attribute may take on one of a set of values. When a RADIUS packet is exchanged among clients and servers, one or more attributes and values are sent pairwise from the client to the server. For the AAA Server software, all valid attributes and values are listed in the dictionary file. Abbreviated as A-V pair. |
| Authentication | The process of identifying and proving the identity of an entity, for example, a user, a network client, or a network server. |
| Authorization | The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication; once users are authenticated, they may be authorized different types of access or activity. |

C - D

| Term | Definition |
|---|---|
| Challenge Handshake Authentication Protocol | Log-in security procedure for dial-in access. Rather than send an unencrypted password, a random number is sent to the client as a challenge. The challenge is one-way hashed with the password, and the result is sent back to the server. The server does the same with its copy of the password and verifies that it gets the same result to authenticate the user. Abbreviated as CHAP. |
| CHAP | Challenge Handshake Authentication Protocol. |
| Client | NAS, proxy server, or other networking device that uses the AAA Server services to authenticate and authorize users. |
| Common Open Policy Service | A query and response protocol that can be used to exchange policy information between a policy server (Policy Decision Point or PDP) and its clients (Policy Enforcement Points or PEPs, such as a router), abbreviated as COPS. |
| COPS | Common Open Policy Service. |
| Dialed Number Identification Service | Each request is authenticated locally or forwarded to a remote server according to the number called to access a network service. |
| DNIS | Dialed Number Identification Service. |

E - F - G

| Term | Definition |
|---|---|
| EAP | Extensible Authentication Protocol. |
| Extensible Authentication Protocol | Described in RFC 2284, abbreviated as EAP. |
| Finite State Machine | The Finite State Machine is the component of the AAA Server software that controls the flow of access request authentication and accounting request handling, abbreviated as FSM. |
| Forwarding Server | The AAA Server that receives an Access-Request from a client and forwards that request to another AAA server for authentication. |
| FSM | Finite State Machine. |

H - I - J - K

| Term | Definition |
|---|---|
| Hint | When a user requests access to a service of a specific configuration, a client may provide this information in an Access-Request as a hint to the AAA Server. The server may reject the request based on the hints or supply the service as specified by the hints, by the server's configuration, or by a combination of the hints and the server's configuration. |
| IETF | Internet Engineering Task Force. |
| Integrated Services Digital Network | A digital access line, abbreviated as ISDN. |
| Interlink | Used to connect multiple AAA servers in a fabric with SLAs and to establish policies among them. |
| Internet Engineering Task Force | Internet standards setting organization, abbreviated as IETF. |
| Internet Protocol | A Layer 3 (network layer) protocol that contains addressing information and some control information that allows packets to be routed, abbreviated as IP. |
| Internet Research Task Force | A group associated with IETF focusing on research rather than standards, abbreviated as IRTF. |
| Internet Service Provider | Communications service company that provides Internet access and services to its customers. ISPs range in size from small independents serving a local calling area to large, established telecommunications companies, abbreviated as ISP. |
| IP | Internet Protocol. |
| IRTF | Internet Research Task Force. |
| ISDN | Integrated Services Digital Network. |
| ISP | Internet Service Provider. |

L - M - N

| Term | Definition |
|---|---|
| LAS | Local Authorization Server. |
| LDAP | Lightweight Directory Access Protocol. |
| LEAP | Lightweight Extensible Authentication Protocol. |
| Lightweight Directory Access Protocol | Used for directories providing naming, location, management, security, and other services for Internet networking, abbreviated as LDAP. |
| Lightweight Extensible Authentication Protocol | Supports and manages the dynamic Wired Equivalent Privacy (WEP) key exchange between Cisco Aironet 802.11x wireless LAN clients and access points, abbreviated as LEAP. |
| Local Authorization Server | A Local Authorization Server is the HP-UX AAA code that authorizes, accounts for, and bills users based on realms, abbreviated as LAS. |
| MS-CHAP | Microsoft Challenge-Handshake Authentication Protocol is an implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS-CHAP is identical to CHAP, but there are a few differences. MS-CHAP is based on the encryption and hashing algorithms used by Windows networks, and the MS-CHAP response to a challenge is in a format optimized for compatibility with Windows operating systems. |
| NAI | Network Access Identifier. |
| NAS | Network Access Server. |
| Navigation Tree | Refers to the navigation links on the left side of the Server Manager GUI. |
| Network Access Server | A device that interfaces telephony circuits to the network, abbreviated as NAS. |

O - P - Q

| Term | Definition |
|---|---|
| PAP | Password Authentication Protocol. |
| Password Authentication Protocol | A simple password protocol that transmits a user name and password across the network, unencrypted, abbreviated as PAP. |
| Point-to-Point Protocol | The standard protocol for dial-up networking. The family of standards covers many aspects including authentication, encryption, compression, addressing, multi-protocols, etc., abbreviated as PPP. |
| Policy | Policy is a very broadly used term. To the AAA server, it means the conditionally applicable set of attribute-value pairs that an AAA protocol, such as RADIUS, may support. HP-UX AAA policies are simple or complex decisions that control the authentication, authorization, and accounting process for a user's access request. |
| PPP | Point-to-Point Protocol. |
| Protocol | A set of rules established between two devices to allow communications to occur. |
| Proxy | The mechanism that allows one system to mediate between two other systems in response to protocol requests. A RADIUS server can act as a proxy client and forward an Access-Request to another AAA server for authentication. As a proxy client, the server would mediate the requests and replies between the client where the Access-Request originated from and the server that the request was forwarded to. |

R - S

| Term | Definition |
|---|---|
| RADIUS | Remote Access Dial In User Service. |
| RADIUS Client | A NAS or other device that sends requests to an AAA server. |
| RAS | Remote Access Server. |
| Realm | A realm is a logical group of users, who usually can be authenticated using one particular method. Grouping users into realms simplifies the management of those users in a distributed environment. For example, an ISP's users may be from different organizations located in different cities. Each organization already has one way or another to authenticate its users and each corresponds to a realm. Each realm would be responsible for managing its users, providing authentication and authorization for their access requests. A realm has a name that looks very much like a domain name, but they bear different meanings. Realms are only used by the AAA Server to determine where an authentication request should be sent and what kind of authentication to request, etc. Naming a realm with its domain name simplifies things for the users, since their access IDs will then look the same as their e-mail addresses. A realm may also have multiple aliases, providing a way to shorten long realm names. |
| Remote Access Dial In User Service | An authentication and accounting protocol defined by the IETF in a series of RFCs, abbreviated as RADIUS. |
| Remote Access Server | A service that allows remote clients running Microsoft Windows or Windows NT to dial in to a network, abbreviated as RAS. |
| Remote Server | In the context of a proxied Access-Request, the remote server is the AAA server that receives the request from the forwarding server. The remote server authenticates the request and sends a reply to the forwarding server. |
| Request For Comment | The basis for an IETF standard, abbreviated as RFC. |
| RFC | Request For Comment. |
| SAT | Simultaneous Access Token. |
| Server Manager | A Web-based graphical user interface which provides an interface between an administrator and the AAA servers. In addition to creating, modifying, and deleting entries in many of the server's configuration files, an administrator may start and stop the AAA server, access the server's status and system time, retrieve information from accounting and session logs, and terminate sessions. |
| Service | The RADIUS client provides a service to the dial-in user, such as PPP or Telnet. |
| Session | Each service provided by the client to a dial-in user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. A user may have multiple sessions in parallel or series if the RADIUS client supports that feature. |
| Simple Network Management Protocol (SNMP) | SNMP provides a mechanism for a centrally located management workstation to monitor the activity of remote computers and network services. |
| Simultaneous Access Token | The concept of a token helps define and enforce policies in regard to modem pool sharing among various participating institutions. A simultaneous access token is required when a user accesses a non-priority modem. Tokens are allocated to realms and are grouped into pools. The total number of tokens a realm has is defined by the HP-UX AAA server so that the LAS may control simultaneous use. Abbreviated as SAT. |
| SLA | Service Level Agreement. |
| SLS | Service Level Specification. |

T - U - V - W - X - Y - Z

| Term | Definition |
|---|---|
| Token | See Simultaneous Access Token. |
| Token Pool | A token pool contains a number of tokens belonging to some organization and having a given name. These tokens may be shared among one or more realms. |
| Tunneling | A secure connection between a client workstation and an intranet or other network that provides a VPN to a user. This connection may be a voluntary tunnel initiated by the client or a compulsory tunnel initiated during authentication by a server or other dedicated network equipment. |
| Users | Individuals whom the AAA server must authenticate and authorize before they can access an organization's service, such as Internet access through an ISP. |
| Virtual Private Network | A network service offered by public carriers in which the user is provided a network that in many ways appears as if it is a private network (user-unique addressing, network management capabilities, dynamic reconfiguration, etc.) but which, in fact, is provided over the carrier's public network facilities, abbreviated as VPN. |
| VPN | Virtual Private Network. |