This essay provided by MiniTool group gives the accurate response to the query “in Active Directory, what does authorization.” It also includes a comprehensive explanation of the answer along with other confusing options.

Are you aware of what authorization means in Active Directory? Kerberos, RADIUS, LDAP, TACACS , or SAML?

About Active Directory?

Active Directory (AD) is a directory service that maps the names of network resources to their corresponding network addresses. It is developed by Microsoft for Windows domain networks, which is a form of the computer network where all user accounts, computers, printers, and other security entities are registered in a central database located on one or more clusters of central computers called domain controllers.

Active Directory is included in most Windows Server operating systems (OS) and functions as a collection of processes and services. Initially, AD managed only the centralized domain. However, it has evolved into an umbrella term for a wide range of directory-based identity-related services.

A server running the Active Directory Domain Service (AD DS) is referred to as a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigns and enforces security policies for all computers, and installs or updates programs.

The domain controller offers authentication and authorization mechanisms, allows management and storage of information, and creates a framework to deploy other associated services like lightweight directory services, rights management services (RMS), active directory federation services (AD FS), and certificate services.

Active Directory utilizes Domain Name System (DNS), Microsoft’s version of Kerberos, as well as versions 2 and 3 of Lightweight Directory Access Protocol (LDAP).

In Active Directory, What Does Authorization?

Lightweight Directory Access Protocol (LDAP)

What Is Lightweight Directory Access Protocol?

Lightweight Directory Access Protocol (LDAP) is an open and vendor-neutral industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Lightweight Directory Access Protocol is outlined in a series of Internet Engineering Task Force (IETF) Standard Track publications called Request for Comments (RFCs), using the description language ASN.1. LDAP is based on a simpler subset of the standards contained within the X.500 standard. Hence, it is also known as X.500-lite.

A common function of Lightweight Directory Access Protocol is to provide a central place to store usernames and passwords. This allows many different services and applications to connect to the LDAP server to authenticate users.

Related Article: What Is Active Directory Users and Computers and How to Install

Since Lightweight Directory Access Protocol has gained traction, vendors have implemented it as an access protocol for other services. The implementation then restructures the data to mimic the LDAP/X. 500 model, but how closely this model is followed varies.

Similarly, data previously held in other types of data stores are sometimes transferred to Lightweight Directory Access Protocol directories. Generally, LDAP is used by other services for authentication or authorization, determining what actions a given already-authenticated user can perform on what service.

About Other Options for the Question “In Active Directory, What Does Authorization”

Kerberos

Kerberos is a computer network authentication protocol that operates based on tickets. It enables nodes to communicate over an insecure network to securely prove their identity to one another.

Kerberos is primarily designed as a client-server model and it provides mutual authentication. With Kerberos, both the server and the user verify each other’s identity.

Remote Authentication Dial-In User Service

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA or Triple-A) management for users who connect and utilize a network service.

Terminal Access Controller Access-Control System

Terminal Access Controller Access-Control System (TACACS) is a family of related protocols managing remote authentication and related services for networked access control via a centralized server.

The original Terminal Access Controller Access-Control System protocol, dating back to 1984, was used to communicate with an authentication server, common in older UNIX networks. Later, 2 related protocols derived from TACACS, extended TACACS (XTACACS) and Terminal Access Controller Access-Control System Plus (TACACS ).

Terminal Access Controller Access-Control System Plus was developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS is a separate protocol managing authentication, authorization, and accounting services. It has largely replaced its predecessors.

Security Assertion Markup Language

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, particularly between a server and an identity provider. It is also an XML-based markup language, a set of XML-based protocol messages, a set of protocol message bindings, as well as a set of profiles.

Also read:

• What Is FSMO and the 5 FSMO Roles in Active Directory
• Full Fix: Active Directory Domain Services Unavailable
• How to Fix LSASS.EXE High CPU Usage Issue on Task Manager

The above is the detailed content of In Active Directory, What Does Authorization? – LDAP. For more information, please follow other related articles on the PHP Chinese website!