[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Session Authentication Agent and Setup.ini / Wanted: Better Authe ntication
Hello, I'm testing Check Point's Session Authentication Agent and would like more information on configuring Setup.ini. Quote from Check Point's docs: "The SETUP.INI file in the DESKTOP PRODUCTS\SESSIONAGENT directory enables you to pre-configure the Session Authentication agent. This feature is useful if you plan to distribute the Session Authentication agent to many users and you do not want them to configure the agent themselves." -- SecAdmin.pdf pg. 521/549 The problem is that the documentation mentions the setup.ini, but does not document any of the options. The documentation picks up on a new subject after giving an example of the setup.ini file. Example Setup.ini Configuration: [FireWall] IPAddress= Any=FALSE [Cache] Method=Every time Timeout=30 My setup.ini file includes the following entries so far: [FireWall] IPAddress=w.x.y.z Any=FALSE [Cache] Method=Once Timeout=30 [SSL] AcceptClear=FALSE [Startup] AppName=Session Authentication Agent FreeDiskSpace=2479 EnableLangDlg=Y As you can see, I have discovered an option for the Method= line by trial and error. I would like to know how to disable the resolve addresses option. Shortly after I started working with Check Point Firewall-1, I started to wonder how such a highly rated product could have such poor client computer authentication options. User Auth, Client Auth, Session Auth? MetaIP? Is it just me or should the industry be able to come up with something a little more functional? After using Microsoft Proxy Server v2, it seems like Microsoft's authentication is functional, but perhaps not secure. Session Auth and MetaIP may be more secure than Microsoft's authentication, but they are not as functional. I challenge the industry to come up with a technology that offers the best of both worlds. Actually, MetaIP looks like it could be offer all of the features I am looking for. How well does MetaIP work in a Windows 2000 Active Directory environment? What does the future of MetaIP look like? Kevin Palmer Network Engineer - MCSE+I, CCSE Granite Solutions, Inc. P:P:F:http://www.gsite.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|