
RE: [FW1] Web Surfing Authentication using NT Domains



The limitation is that the FW machine must be a part of the domain in order
for OS password method to authenticate and therefore must have evil insecure
NT services running on it in order to talk to either the PDC or BDC. It is
commonplace to remove the NT networking features when installing FW-1. This
is why I suggested using RADIUS or TACACS as this accomplishes the same task
in a more secure fashion.

Frank

-----Original Message-----
From: Jarmoc, Jeff [mailto:[email protected]]
Sent: Thursday, January 25, 2001 5:49 PM
To: 'Luke, Jason (ISS Southfield)'; 'Toth, David';
[email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains



I'm almost sure what Jason is saying is true, but I just wanted to point out
that any BDC should be able to authenticate users, not just the PDC.  Unless
there's some really bizarre design in FW-1 that prevents BDCs from
authenticating, but that seems way out there.  BDCs are really meant for
this purpose, I don't see any reason why Checkpoint would limit that.

-----Original Message-----
From: Luke, Jason (ISS Southfield) [mailto:[email protected]]
Sent: Thursday, January 25, 2001 3:23 PM
To: 'Toth, David'; [email protected]
Subject: RE: [FW1] Web Surfing Authentication using NT Domains



Haven't tried it but I believe if your firewall is NT and on the Domain, you
can select OS Password as your authentication method.  User hits rule with
Authentication, prompts NT OS to see if it is valid, NT Firewall doesn't
have the user defined locally so it polls the PDC, and the PDC validates the
user.  


-----Original Message-----
From: Toth, David [mailto:[email protected]]
Sent: Wednesday, January 24, 2001 12:11 PM
To: [email protected]
Subject: [FW1] Web Surfing Authentication using NT Domains



All,

Is it possible to use your NT domains to authenticate Internet users thru
FW-1 or do I have to use an LDAP or RADIUS server?

Thanks in Advance,

Dave.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====





 
   All contents © 2004 Network Presence, LLC. All rights reserved.