An authentication server is a device that controls who may access a computing network. The goals of authentication are authorization, privacy, and non-repudiation. Authorization determines what objects or data a user may have access to on the network, if any. Privacy keeps information from being disclosed to non-authorized individuals. Non-repudiation is often a legal requirement and refers to the fact that the authentication server may record all access to the network along with identifying data, such that a user cannot repudiate, or deny, the fact that he or she has accessed or modified the data in question.
Authentication servers come in many different forms. The software controlling the authentication may reside in a network access server computer, a router or other piece of hardware controlling access to the network, or some other network access point. Regardless of the type of machine that is hosting the authentication software, the term authentication server is still usually used to refer to the combination of hardware and software that fulfills the authentication function.
In addition to variations in hardware, there are a number of different authentication algorithms that an authentication server can use. The simplest of these is usually considered to be the use of passwords. In a simple implementation, the authentication server may store a list of valid user names and the corresponding passwords, and authenticate all users who attempt to connect to the network against this list.
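The simple user-name and password list described above, shown next to a hardened form of the same lookup. This is an added example, not code from the original page, and it goes beyond the text by storing a per-user salt and a PBKDF2 derived key instead of the password itself. All function and class names, the sample accounts and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune per host)

# Constructed sample accounts, used only for this example.
SAMPLE_USERS = {"alice": "correct horse battery", "bob": "tr0ub4dor&3"}


def naive_authenticate(users: dict, username: str, password: str) -> bool:
    """The simple list described above: plaintext passwords, direct comparison."""
    return users.get(username) == password


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class HashedUserList:
    """Same lookup, but each entry is (salt, derived key), never the password."""

    def __init__(self) -> None:
        self._entries = {}
        # Decoy entry so an unknown user name costs the same work as a known one.
        decoy_salt = os.urandom(16)
        self._decoy = (decoy_salt, _derive(os.urandom(16).hex(), decoy_salt))

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt: equal passwords give different keys
        self._entries[username] = (salt, _derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        salt, expected = self._entries.get(username, self._decoy)
        candidate = _derive(password, salt)
        # compare_digest takes the same time wherever the first mismatch occurs.
        matches = hmac.compare_digest(candidate, expected)
        return matches and username in self._entries

    def stored_values(self) -> list:
        """Everything a copy of the list would reveal: salts and derived keys."""
        return [part for entry in self._entries.values() for part in entry]


def build_sample_store() -> HashedUserList:
    store = HashedUserList()
    for name, password in SAMPLE_USERS.items():
        store.enroll(name, password)
    return store
```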
Kerberos is another authentication protocol; it is used, for example, in many Windows® authentication server systems and in some online or Internet security systems. There are three main aspects to Kerberos authentication: authentication of the user's identity, secure packaging of the user's name, and secure transmission of the user credentials over the network. Kerberos authentication servers on Windows® operating systems are available for the Windows XP®, Windows 2000®, and Windows 2003® operating systems.
A proxy server is a server or computer that intercepts requests passing between an inner network and an external network, such as the Internet. Proxy servers sometimes act as authentication servers, in addition to a number of other functions that they may fulfill. There are many different options for implementing authentication servers, including the choice of hardware, operating system, and software package. As such, it is usually important for an organization to thoroughly analyze its security requirements before introducing an authentication server into the networking environment.