Since we seem to be on the general subject of authentication and authorization, here’s a good introduction to how LDAP, Kerberos, and RADIUS technologies work together. There are many others, including quite a few from Microsoft and Apple, both of whom embraced these things a long time ago.
To briefly quote three bullet-points from that article:
- LDAP - The Who, What, and How: LDAP is what's called a Directory System. It’s a database system, essentially, used to store information about the various entities on your network ...
- Kerberos - I’m really who I say I am: While LDAP stores the information about you, Kerberos is responsible for telling services on the network who you are ...
- RADIUS - He’s with me, let him in: Unless a device is actually on the network, it can’t use Kerberos (or LDAP) to authenticate itself. But your network would hardly be secure if you allowed anyone to connect to it without authenticating themselves first. This Catch-22 has been solved using a system called RADIUS ...