Access Control 编辑

Authentication is a process by which you verify that someone is who they claim they are. To perform authentication, a user must already have an account created in a system which can be interrogated by the authentication mechanism, or an account must be created as part of the process of the first authentication. Citrix Application Delivery Management (ADM) provides a method for authenticating both local users and external users. While local users are authenticated internally, Citrix ADM supports external authentication with RADIUS, LDAP, and TACACS protocols. When a user attempts to access Citrix ADM that is configured for external authentication, the requested application server sends the user name and password to the RADIUS, LDAP, or TACACS server for authentication. Once authenticated, the required protocol is used to identify the user on Citrix ADM.

Access Control is the process of enforcing the required security for a particular resource. It is a security technique that can be used to regulate who can view or use resources in a computing environment. The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what a user can do directly, and what programs running on behalf of the users are allowed to do. In this way access control seeks to prevent activity that can lead to a breach of security. Access control assumes that the authentication of the user has been successfully verified prior to enforcement of access control through a reference monitor. Citrix ADM allows fine-grained, role-based access control (RBAC) by which the administrators can provide access permissions to users based on the roles of individual users within an enterprise. RBAC in Citrix ADM is achieved by creating access policies, roles, groups, and users.