Which AAA protocol combines authentication and authorization processes?

RADIUS, which stands for Remote Authentication Dial-In User Service, is the AAA protocol that effectively combines both authentication and authorization processes into a single framework. This integration allows RADIUS to facilitate user login and access rights management seamlessly.

When a user attempts to connect to a network, RADIUS first authenticates the user's credentials against a database or directory service. Once authenticated, the same message flows can also convey authorization information, like the user's permissions and access levels. This dual function of RADIUS is particularly advantageous in scenarios where a streamlined process is important and minimizes the complexity involved in managing separate systems for these two critical security functions.

On the other hand, while TACACS+ also supports the functions of authentication and authorization, it technically separates these processes more distinctly compared to RADIUS, where they can be merged. Kerberos focuses primarily on mutual authentication and does not handle authorization in the same integrated manner as RADIUS. Diffie-Hellman is a key exchange algorithm used primarily for securely exchanging cryptographic keys and does not pertain to AAA functions at all. Thus, RADIUS stands out for successfully combining authentication with authorization in a unified approach.