An authentication server is what determines whether a person or another server is who or what they say they are. Authentication is usually done through credentials — a client submits logins, and they’re either granted or denied access to a service.
One of the most common examples of authentication is logging in to a website with credentials like an email address and a password.
Brute force: the attacker tries thousands of random combinations until they guess the password.
Credential stuffing: the attacker tries credentials from previously leaked databases to see if they match other services.