
RE: [FW1] CheckPoint FireWall-1 Possible Authentication Bug?



Hi there,
This is the solution:
http://www.shmoo.com/mail/fw1/jul99/msg01197.html

-----Original Message-----
From: Jim Brown [mailto:[email protected]]
Sent: Thursday, September 07, 2000 1:21 AM
To: '[email protected]'
Subject: [FW1] CheckPoint FireWall-1 Possible Authentication Bug?




I am using external TACACS+ authentication with two defined groups (Group1
and Group2). Group1 contains a single locally defined user (User1) while
Group2 contains a single user *generic.

GROUP1 USER1
GROUP2 *generic

User1 is also defined in the external TACACS+ authentication database that
is accessed by default using the *generic user. Group2 rules correctly
authenticate the User1 name against the external database without issue
using the *generic user entry. Things are fine and authentication works
perfectly until....... 

I added User1 into Group2 in addition to the *generic mapping. Installed
rulebase. Removed User1. Installed rulebase. Now any rules defined with
Group2 will not work unless User1 is physically placed into Group2 or I
completely delete User1 from the local firewall user database. 

User1 is no longer processed by the *generic user entry and it appears to
remember that User1 was removed from Group2?

I tried restarting the firewall with no luck.





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


All contents © 2003 Network Presence, LLC. All rights reserved.