What is the difference between authentication and authorization?

Solution 1:

  • Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.

  • Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.

Solution 2:

Authentication is about who somebody is.

Authorisation is about what they're allowed to do.

Solution 3:

Authentication: I am an employee of the company. Here is my ID badge.

Authorization: As an employee of the company, I am allowed entrance into the building.

Solution 4:

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.
Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular.
For more information please see wikipedia

Solution 5:

Authentication

Authentication confirms who you are. For example, you can login to your Unix server using ssh client, or access the server using POP3 and SMTP email client. Typically, PAM (Pluggable Authentication Modules) is used as a low-level authentication schemes into a high level application programming interface (API), which allows programs that rely on authentication to be written independently of the underlying authentication scheme.

Authorization

Authorization is the process to confirm what you are authorized to perform. For example, you are allowed to login to your Unix server via ssh client, but you are not allowed to browser / data2 or other file systems. Authorization occurs after authentication is successful. Authorization can be controlled at the level of file system or use a variety of configuration options such as application level chroot. Normally, the connection attempt should be good authentication and authorization by the system. You can easily find out why the connection attempts are either accepted or rejected with the help of two factors.