NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] radius authentication


  • To: [email protected]
  • Subject: Re: [FW-1] radius authentication
  • From: Lars Troen <[email protected]>
  • Date: Sun, 23 Feb 2003 20:10:03 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcLbX7HTS+FUIwPwSXmEs7KbACKHJgADrCMQ
  • Thread-topic: Re: [FW-1] radius authentication

Norman,
I don't see real advantage in using Linux here. Fw-1 supports authentication schemes the very same way on linux, win32 and any other platform it supports. You could probably use linux to configure a s/key based radius server, something  that will be useful now that s/key support is about to be discarded by CP.

Lars

> -----Original Message-----
> From: Norman Zhang [mailto:[email protected]]
> Sent: Sunday, February 23, 2003 17:38
> To: [email protected]
> Subject: Re: [FW-1] radius authentication
>
>
> Hi Lars,
>
> Seeing your reply makes wonder if setting RADIUS on W2K/NT is
> really good
> idea. Do you need if there's a similar solution in Linux? I
> know Linux can
> hook with NT via Samba.
>
> Regards,
> Norman
>
> ----- Original Message -----
> From: "Lars Troen" <[email protected]>
> To: <[email protected]>
> Sent: Saturday, February 22, 2003 11:56 PM
> Subject: Re: [FW-1] radius authentication
>
>
>  Yes, it only supports chap. The disadvantage of that is if someone's
> capturing packets between the firewall and the radius server
> they are able
> to figure out the credentials. This is not of much value for
> the hacker if
> you're using one time passwords (otp). There are several
> radius servers that
> supports this and you have SecurID. SecurID is using an
> encrypted protocol
> (DES) for authentication. S/Key is otoh soon to be discarded.
> fw-1 also
> supports Tacacs, cisco's proprietary auth protocol that some software
> supports and I'm not too sure about the protocol details.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.