[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Web Surfing Authentication using NT Domains
Making the firewall a domain member would be a really bad idea, but Jason is correct that it will work. In fact using NT domain passwords is a really bad idea in general. I think this is a commonly agreed upon fact. If you must do this (as we all must at one point or another) it is much better to use external authenticators, such as a RADIUS or TACACS server that can proxy the PDC for authentication. Frank -----Original Message----- From: Luke, Jason (ISS Southfield) [mailto:[email protected]] Sent: Thursday, January 25, 2001 4:23 PM To: 'Toth, David'; [email protected] Subject: RE: [FW1] Web Surfing Authentication using NT Domains Haven't tried it but I believe if your firewall is NT and on the Domain, you can select OS Password as your authentication method. User hits rule with Authentication, prompts NT OS to see if it is valid, NT Firewall doesn't have the user defined locally so it polls the PDC, and the PDC validates the user. -----Original Message----- From: Toth, David [mailto:[email protected]] Sent: Wednesday, January 24, 2001 12:11 PM To: [email protected] Subject: [FW1] Web Surfing Authentication using NT Domains All, Is is possible to use your NT domains to authenticate Internet users thru FW-1 or do I have to use an LDAP or RADIUS server? Thanks in Advance, Dave. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|