Home > Uncategorized > Authentication vs. Authorization

Authentication vs. Authorization

So what’s the difference between these 2 terms? Quite a lot of people, even senior enterprise administrators tend to get this one wrong.

Well let’s try to establish this once and for all:

Authentication is all about checking and validating that a user is who he says he is. Authentication is commonly based upon a username and a password (but from now on and in the future we should all really be heading towards certificates).
To set a daily task to the word “Authentication”, this is really what you do once you logon to the domain at work once you’ve booted up your computer.

Authorization determines wheter a user has access to resources – i.e. on a specific share on the company fileserver.
It involves SAM, ACLs (Access Control Lists) and Kerberos.

So to keep it in a phrase:
“You need to authenticate at a DC to be authorized access to a share”

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: