This section summarizes the main points of this chapter:
Authentication methods range from the use of no username or password; to static usernames and passwords, aging usernames and passwords, and the S/Key one-time password system; to the strongest authentication, one-time passwords using token cards and server systems.
CHAP authentication includes a periodic three-way handshake to verify the authenticity of the CHAP client.
Authorization controls access to network services and destinations.
Accounting tracks user data in the network access server or the security server.
In AAA with a local security database, the network access server performs AAA services and contains a user database.
In AAA with a remote security database, the security server performs AAA, enabling centralized management of multiple network access servers.
TACACS+ separates authentication, authorization, and accounting services.
RADIUS accounting is made more powerful with the use of extensible vendor-specific attribute-value pairs.
Kerberos works with a key distribution center. Servers must be "Kerberized" to support Kerberos services.
Cisco offers three remote security database products: CiscoSecure ACS for Windows NT, CiscoSecure ACS for UNIX, and CiscoSecure Global Roaming Server.