[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] radius authentication
Hi Lars, Seeing your reply makes wonder if setting RADIUS on W2K/NT is really good idea. Do you need if there's a similar solution in Linux? I know Linux can hook with NT via Samba. Regards, Norman ----- Original Message ----- From: "Lars Troen" <[email protected]> To: <[email protected]> Sent: Saturday, February 22, 2003 11:56 PM Subject: Re: [FW-1] radius authentication Yes, it only supports chap. The disadvantage of that is if someone's capturing packets between the firewall and the radius server they are able to figure out the credentials. This is not of much value for the hacker if you're using one time passwords (otp). There are several radius servers that supports this and you have SecurID. SecurID is using an encrypted protocol (DES) for authentication. S/Key is otoh soon to be discarded. fw-1 also supports Tacacs, cisco's proprietary auth protocol that some software supports and I'm not too sure about the protocol details. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|