Skip to main content

Difference: Authentication and Authorization

·238 words·2 mins
Yuriy Semyenkov
Yuriy Semyenkov
DevOps, tech, geek, mentor
Table of Contents

Authentication and authorization — similar words with different meanings, and they are easy to confuse. Let’s explore the differences.


Authentication is a process that verifies you are who you claim to be. An example of authentication is entering a username and password. The system checks these credentials to confirm your identity.

In Linux systems, authentication is handled by files such as:

  • /etc/passwd — stores user information.
  • /etc/shadow — contains encrypted user passwords.
  • /etc/nsswitch.conf — directs where to look for user and group information and other resources, including DNS or network file system services. It tells the system to look for data in local files or, for example, in LDAP.


Authorization follows authentication and determines your access to resources or actions. It checks whether you are permitted access to certain service areas.

In Linux, access rights are defined through:

  • /etc/group — describes user groups and their members.
  • /etc/sudoers — specifies who can execute commands with superuser privileges.

Real-life Example

When you show your passport at the border, that’s authentication — you prove that you are John Smith. Deciding whether you can leave the country is a matter of authorization.

Important to remember: Authentication always precedes authorization. The system first needs to know who you are and then decides what you are allowed to do.

Прокомментировать статью, поделиться идеями, поболтать и задать вопрос можно в 👉 телеграм-чате, а так же обязательно подписаться на 👉 телеграм-канал!


Tech & Soft
How to commit only part of a file?
·231 words·2 mins
git guides
What do I listen to when I work
·258 words·2 mins