Authentication, Authorization, and Accounting (AAA) Servers
AAA provides an extra level of protection and control for user access in the following ways:
Authentication determines who the firewall user is.
Authorization determines what the firewall user can do.
Accounting determines what the firewall user did on the network.
You can use authentication alone or with authorization and accounting. Authorization always requires a user to be authenticated first. You can use accounting alone, or with authentication and authorization.
Once the user's credentials are collected, they are processed in one of the following ways:
Administrative authentication supports the following types of servers:
Local
RADIUS
TACACS+
For more information on administrative authentication, see the JUNOS Software Administration Guide.
Firewall user authentication supports the following types of servers:
Local authentication and authorization
RADIUS authentication and authorization (compatible with Funk RADIUS server)
LDAP authentication only (supports LDAP version 3 and compatible with Windows AD)
SecurID authentication only (using an RSA SecurID external authentication server)