PrepAway - Latest Free Exam Questions & Answers

Which of the following was based on a previous X.500 specification and allows either unencrypted
authentication or encrypted authentication through the use of TLS?

A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP

Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application
protocol for accessing and maintaining distributed directory information services over an Internet
Protocol (IP) network. Directory services play an important role in developing intranet and Internet
applications by allowing the sharing of information about users, systems, networks, services, and
applications throughout the network. As examples, directory services may provide any organized set of
records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone
directory is a list of subscribers with an address and a phone number.
A common usage of LDAP is to provide a “single sign on” where one password for a user is shared
between many services, such as applying a company login code to web pages (so that staff log in only
once to company computers, and then are automatically logged into the company intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this
relationship, LDAP is sometimes called X.500-lite.
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by
default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is available by default on port
3268, and on port 3269 for LDAPS. The client then sends an operation request to the server, and the server
sends responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
Incorrect Answers:
A: Kerberos is a computer network authentication protocol which works on the basis of ‘tickets’ to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. Its designers aimed it primarily at a client–server model and it provides mutual authentication—
both the user and the server verify each other’s identity. Kerberos protocol messages are protected
against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a
trusted third party, and optionally may use public-key cryptography during certain phases of
authentication. Kerberos uses UDP port 88 by default. Kerberos is not based on a previous X.500
specification as is LDAP.
B: Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols
handling remote authentication and related services for networked access control through a centralized
server. The original TACACS protocol, which dates back to 1984, was used for communicating with an
authentication server, common in older UNIX networks. TACACS+ and RADIUS have generally replaced
TACACS and XTACACS in more recently built or updated networks. TACACS+ is an entirely new protocol
and is not compatible with its predecessors, TACACS and XTACACS. TACACS+ uses TCP (while RADIUS
operates over UDP). Since TACACS+ uses the authentication, authorization, and accounting (AAA)
architecture, these separate components of the protocol can be segregated and handled on separate
servers. TACACS+ is not based on a previous X.500 specification as is LDAP.
C: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized
Authentication, Authorization, and Accounting (AAA) management for users who connect and use a
network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is
often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless
networks, and integrated e-mail services. RADIUS is not based on a previous X.500 specification as is LDAP.


