# SSO - a third party is queried to verify authentication - apples, google, facebook - no local password # MFA - username+password AND another mechanism (biometric, OTP, HW token, etc.) # IAM (Identity & Access Mgmt) - identity: username and other biographic details - authentication: verify password, NFA, etc. - authorization: verify access based on need to know, least priv, etc. - related protocols: - LDAP (lightweight directory access protocol) stores identity, authentication, and/or authorization info - AD (active directory) leverages LDAP - PAM (pluggable authentication modules) - can interface with LDAP - SSSD (system security services daemon) RHEL orchestrator for identity and AAA - interfaces with LDAP, AD, PAM, etc. and caches info