RE: [FW1] Web Surfing Authentication using NT Domains
Where is the RADIUS or TACACS at, in the DMZ or internal?

Frank Darden <[email protected]> on 01/25/2001 05:15:04 PM

To: "'Jarmoc, Jeff'" <[email protected]>, "'Luke, Jason (ISS Southfield)'" <[email protected]>, "'Toth, David'" <[email protected]>,
cc: (bcc: Eliot Irons/Sentry)
Subject: RE: [FW1] Web Surfing Authentication using NT Domains

The limitation is that the FW machine must be a part of the domain in order for OS password method to authenticate and therefore must have evil insecure NT services running on it in order to talk to either the PDC or BDC. It is commonplace to remove the NT networking features when installing FW-1. This is why I suggested using RADIUS or TACACS as this accomplishes the same task in a more secure fashion.

Frank

-----Original Message-----
From: Jarmoc, Jeff [mailto:[email protected]]
Sent: Thursday, January 25, 2001 5:49 PM
To: 'Luke, Jason (ISS Southfield)'; 'Toth, David'; [email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains

I'm almost sure what Jason is saying is true, but I just wanted to point out that any BDC should be able to authenticate users, not just the PDC. Unless there's some really bizarre design in FW-1 that prevents BDCs from authenticating, but that seems way out there. BDCs are really meant for this purpose, I don't see any reason why Checkpoint would limit that.

-----Original Message-----
From: Luke, Jason (ISS Southfield) [mailto:[email protected]]
Sent: Thursday, January 25, 2001 3:23 PM
To: 'Toth, David'; [email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains

Haven't tried it but I believe if your firewall is NT and on the Domain, you can select OS Password as your authentication method. User hits rule with Authentication, prompts NT OS to see if it is valid, NT Firewall doesn't have the user defined locally so it polls the PDC, and the PDC validates the user.
-----Original Message-----
From: Toth, David [mailto:[email protected]]
Sent: Wednesday, January 24, 2001 12:11 PM
To: [email protected]
Subject: [FW1] Web Surfing Authentication using NT Domains

All,

Is it possible to use your NT domains to authenticate Internet users thru FW-1 or do I have to use an LDAP or RADIUS server?

Thanks in Advance,
Dave.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================