Sunday, 20 May 2012

Authentication, Authorization and Accounting

What is Authentication, Authorization and Accounting (AAA)?
AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner. AAA provides a modular way of performing the following services:

1) Authentication
How does Authentication help? It provides methods for identifying users, including login and password dialog, challenge and response, messaging support and, depending on the security protocol you select, encryption. Authentication works by identifying a user before that user is allowed access to the network and network services. To configure AAA authentication, the user defines a named list of authentication methods.

2) Authorization
How does Authorization help? It provides methods for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, IPX, ARA and Telnet. Authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared to the information contained in a database for a given user, and the result is returned to AAA to determine the user's actual capabilities and restrictions.

3) Accounting
How does Accounting help? It provides methods for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets and number of bytes. Accounting enables the user to track the services that users are accessing as well as the amount of network resources they are consuming. When AAA accounting is activated, the network access server reports user activity to the RADIUS or TACACS+ security server in the form of accounting records.
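
The three services above map onto named method lists in a Cisco IOS configuration. The following is an added example, not taken from the original post or the Cisco guide. The list names (VTY-AUTH and so on), the server address 192.0.2.10 (a documentation address), the local account name and the bracketed secrets are assumed placeholders.

```cisco
! Enable the AAA framework
aaa new-model
!
! TACACS+ security server (address and key are placeholders)
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! Local account, used only when the server cannot be reached
username localadmin privilege 15 secret <local-fallback-password>
!
! 1) Authentication: named list of methods, tried in order
aaa authentication login VTY-AUTH group tacacs+ local
!
! 2) Authorization: the server returns the attributes that decide
!    whether an EXEC session and each level-15 command are allowed
aaa authorization exec VTY-AUTHZ group tacacs+ local
aaa authorization commands 15 VTY-CMDS group tacacs+ local
!
! 3) Accounting: start and stop records for sessions and commands
aaa accounting exec VTY-ACCT start-stop group tacacs+
aaa accounting commands 15 VTY-CMD-ACCT start-stop group tacacs+
!
! The named lists take effect only where they are applied
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 15 VTY-CMDS
 accounting exec VTY-ACCT
 accounting commands 15 VTY-CMD-ACCT
 transport input ssh
```

Because the `local` method is consulted only when the TACACS+ server returns an error or does not respond, a rejected login does not fall through to the local account.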

References:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html
