Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

6.8.1. Authentication, Authorization, Accounting

Authentication: "Who are you?" Verification of identity. The user provides credentials (username/password, certificate, token) and the system verifies them against a database. Without authentication, anyone could claim to be an admin.

Authorization: "What can you do?" Once authenticated, what permissions does this user have? A helpdesk technician might be authorized to run show commands but not configure terminal. A senior engineer might have full access. Authorization policies define these boundaries.

Authorization without authentication is meaningless — how do you assign permissions if you don't know who the user is? That's why authentication always comes first.

Accounting: "What did you do?" A log of user actions: who logged in, when, from where, and what commands they ran. Essential for security audits, compliance, and troubleshooting. When something breaks at 3 AM, accounting tells you who was making changes.

Why centralize?
  • Consistency: Same policies on every device
  • Auditability: All access logged in one place
  • Efficiency: Add/remove users once, applies everywhere
  • Security: Disable a compromised account instantly across the network
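The sequence described above (authenticate, then authorize, then account) and the effect of centralizing it can be shown in a short model. This is an added example, not part of the original material: the `CentralAAA` class, the role names, usernames, device names and addresses are all constructed for illustration, and the policy mirrors the helpdesk and senior engineer case from the text.

```python
import hashlib, hmac, os, time

def _hash(password, salt):
    # Slow salted hash so the credential store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CentralAAA:
    """Toy central AAA server shared by every device (constructed example)."""
    # Authorization policy: role -> permitted command prefixes ("" matches any command).
    POLICY = {"helpdesk": ("show ",), "senior": ("",)}

    def __init__(self):
        self.users = {}   # username -> salt, hash, role, enabled flag
        self.log = []     # accounting records from all devices, in one place

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash(password, salt),
                            "role": role, "enabled": True}

    def disable(self, name):
        self.users[name]["enabled"] = False   # one change, effective on every device

    def authenticate(self, name, password):
        u = self.users.get(name)
        salt = u["salt"] if u else b"\0" * 16   # hash anyway so unknown users cost the same
        candidate = _hash(password, salt)
        ok = u is not None and hmac.compare_digest(u["hash"], candidate)
        return bool(ok and u["enabled"])

    def authorize(self, name, command):
        role = self.users[name]["role"]
        return command.startswith(self.POLICY[role])

    def run(self, device, src_ip, name, password, command):
        """Authenticate first, then authorize, and always write an accounting record."""
        if not self.authenticate(name, password):
            outcome = "auth-fail"
        elif not self.authorize(name, command):
            outcome = "denied"
        else:
            outcome = "permitted"
        self.log.append({"time": time.time(), "device": device, "src": src_ip,
                         "user": name, "command": command, "outcome": outcome})
        return outcome
```

Failed and denied attempts are logged as well as permitted ones, so the accounting trail answers "who tried what, from where" and not only "what succeeded".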