[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?
You can most certainly use S/KEY for one-time "passwords" with SecuRemote. You can also use RSA's SecureID which provides a one-time "password" as well. Additionally, you can use LDAP to store user credentials and have VPN-1 authenticate users against a directory is you purchase and install the LDAP Account Management license. That covers the user side. Using dynamic credentials for site-to-site tunnels can not be done and doesn't make much sense anyway. Pre-shared secrets or digital certs are the only methods available to you (both in the encryption tab of a FW object in the policy editor as well as, I _believe_, in the IETF standard specification for IKE). Chris -----Original Message----- From: Iztok Umek [mailto:[email protected]] Sent: Thursday, November 08, 2001 10:57 AM To: [email protected] Subject: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to? Is there any how-to to make VPN-1 (and CP vpn clients) use dynamic passwords with IKE encryption? As far as I figured out you have to define usernames/passwords within product itself (static) and can't use LDAP or s/key or OPIE or something like that. Any "how-to's"? Regards, Iztok =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|