Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Prompt-less authentication for Web access

To: "Philippe Oechslin" <[email protected]>, "'Fw-1-Mailinglist (E-mail)" <[email protected]>
Subject: Re: [FW1] Prompt-less authentication for Web access
From: Jason Witty <[email protected]>
Date: Tue, 03 Apr 2001 06:50:05 -0500
In-reply-to: <[email protected]>
Sender: [email protected]

The *easiest* way (as you'd suspect) would be to use a combination of an
internal Windows based proxy server doing NTLM authentication, and IE 4.0
or higher.  In this combination, IE will tranparently pass the user's
credentials to the proxy when asked for them.  

Another possibility might be to have the firewall query your internal LDAP
server if you currently have one set up.  Could you set it to simply look
up whether or not a particular user is already authenticated, and if so,
check if they're in the "Allow Internet" group, then allow the traffic?

I also hear there is going to be a new Firewall-1 5.0 module which will
plug in to an NT PDC/AD/DHCP Server and, via CVP, pass userID to IP
mappings to the firewall in real time.  But that won't be released until at
least September of this year...  Anyway, hope this helps.

Jason WItty, CISSP
http://www.securitystats.com

At 12:02 PM 4/3/01 +0100, Philippe Oechslin wrote:
>
>
>
>Hello,
>
>I am looking for a solution that allows only privileged users to surf the
>Internet, without having a password prompt requesting them to enter their
>username and password.
>
>Does anybody know of a way to do client authentication on FW1 without
password
>prompting. To make things worse, I am in a DHCP environment and thus
cannot on
>IP addresses.
>
>If it is not possible with FW1, does anybody know another simple way to
achieve
>this. I think MS-proxy does something like this by looking up if a user is
>logged in an NT Domain. An NT-independant solution would be preferred.
>
> thanks in advance,
>
>  Philippe
>
>
>
>
>
>
>
>===========================================================================
=====
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Prompt-less authentication for Web access
  - From: "Philippe Oechslin" <[email protected]>

Prev by Date: [FW1] Prompt-less authentication for Web access
Next by Date: RE: [FW1] Prompt-less authentication for Web access
Previous by thread: Re: [FW1] Prompt-less authentication for Web access
Next by thread: RE: [FW1] Prompt-less authentication for Web access
Index(es):
- Date
- Thread