NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] radius authentication



Hi Lars,

Seeing your reply makes wonder if setting RADIUS on W2K/NT is really good
idea. Do you need if there's a similar solution in Linux? I know Linux can
hook with NT via Samba.

Regards,
Norman

----- Original Message -----
From: "Lars Troen" <[email protected]>
To: <[email protected]>
Sent: Saturday, February 22, 2003 11:56 PM
Subject: Re: [FW-1] radius authentication


 Yes, it only supports chap. The disadvantage of that is if someone's
capturing packets between the firewall and the radius server they are able
to figure out the credentials. This is not of much value for the hacker if
you're using one time passwords (otp). There are several radius servers that
supports this and you have SecurID. SecurID is using an encrypted protocol
(DES) for authentication. S/Key is otoh soon to be discarded. fw-1 also
supports Tacacs, cisco's proprietary auth protocol that some software
supports and I'm not too sure about the protocol details.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.