Control the Keys to the Kingdom
Access control and accounting are possible only if authentication takes place, but without all three processes, you can't implement a policy that stipulates who can access what, when, where and how, nor can you track who did what, when, where and how. Authentication--matching a user ID to an individual--is fundamental to security. Without knowing for sure that a user really is who he says he is, all your efforts toward access control and accounting are worthless.
The link for this article located at NetworkComputing is no longer available.