[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Prompt-less authentication for Web access
The *easiest* way (as you'd suspect) would be to use a combination of an internal Windows based proxy server doing NTLM authentication, and IE 4.0 or higher. In this combination, IE will tranparently pass the user's credentials to the proxy when asked for them. Another possibility might be to have the firewall query your internal LDAP server if you currently have one set up. Could you set it to simply look up whether or not a particular user is already authenticated, and if so, check if they're in the "Allow Internet" group, then allow the traffic? I also hear there is going to be a new Firewall-1 5.0 module which will plug in to an NT PDC/AD/DHCP Server and, via CVP, pass userID to IP mappings to the firewall in real time. But that won't be released until at least September of this year... Anyway, hope this helps. Jason WItty, CISSP http://www.securitystats.com At 12:02 PM 4/3/01 +0100, Philippe Oechslin wrote: > > > >Hello, > >I am looking for a solution that allows only privileged users to surf the >Internet, without having a password prompt requesting them to enter their >username and password. > >Does anybody know of a way to do client authentication on FW1 without password >prompting. To make things worse, I am in a DHCP environment and thus cannot on >IP addresses. > >If it is not possible with FW1, does anybody know another simple way to achieve >this. I think MS-proxy does something like this by looking up if a user is >logged in an NT Domain. An NT-independant solution would be preferred. > > thanks in advance, > > Philippe > > > > > > > >=========================================================================== ===== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >=========================================================================== ===== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|