SecurityandAccessConfiguration·Chapter5 187 Configuring Authentication, Authorization, and Accounting (AAA) You can use the AAA component of the system to manage user access to the appliance. Typically, AAA includes authentication, which identifies a user; authorization, which determines what a user is permitted to do; and accounting, which tracks aspects of user activity. Nokia IPSO implements Pluggable Authentication Modules (PAM), an industry-standard framework for authenticating and authorizing users. Using PAM, authentication, account management, and session management algorithms are contained in shared modules that you configure on your appliance. Configuring AAA Service Modules To configure a new AAA service on your appliance, you configure a service module. The service module is then shared by applications that need to invoke authentication, account management, or session management algorithms. When you create or modify a service module profile, you specify the service profile to use. Each service profile is composed of the authentication, account management, and session profiles it uses. For each profile type,