Security+ Domain 4.0: Identity and Access Management: Chapter 19

Chapter 19: Identity and Access Services

Windows Authentication

LM

NTLM

NTLMv2

Kerberos

LDAP (X.500)

X.500 is the formal name for Directory Access Protocol, or DAP. This was developed by the DoD and shared with the open-source community via a Freedom of Information Act request, becoming LDAP, or Lightweight DAP. LDAP consists of:

Key Distribution Center (a service on port 88)

Authentication Service

Ticket Granting Service

Key Distribution Center (KDC)

The KDC uses Kerberos for key distribution.

Kerberos

Kerberos provides single sign-on. There are lots of details to it, and you should have seen the video in the previous lesson from CBT Nuggets. Here is Professor Messer’s take on it, which offers some different details.

Remote Access

PAP

CHAP

MSCHAPv2

RADIUS and TACACS+

Authentication

Authorization

Accounting

TACACS+ and RADIUS

Terminal Access Controller Access-Control System Plus (TACACS+) is a Cisco protocol similar to RADIUS, if you’re familiar with that. It’s a remote-access protocol that gives you pass-through to an internal authentication server, like AD.

Open Authorization Standards

SAML

OpenID Connect

OAUTH

Shibboleth

Cloud Authentication

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html