Managing Users, Authentication, and VPN Certificates
357
ProSecure Unified Threat Management (UTM) Appliance
Except in the case of IPSec VPN users, when you create a user account, you need to specify
a group. When you create a group, you need to specify a domain.
The UTM support security policies that are based on an Active Directory with single sign-on
(SSO) through the use of the DC agent and additional Lightweight Directory Access Protocol
(LDAP) configuration options (see Configure Authentication Domains, Groups, and Users on
page 358).
The following table summarizes the external authentication protocols and methods that the
UTM supports.
Table 93. External authentication protocols and methods
Authentication
protocol or method
Description
PAP Password Authentication Protocol (PAP) is a simple protocol in which the client sends a
password in clear text.
CHAP Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake
in which the client and server trade challenge messages, each responding with a hash of
the other’s challenge message that is calculated using a shared secret value.
RADIUS A network-validated PAP, CHAP, MSCHAP, or MSCHAPv2 password-based
authentication method that functions with Remote Authentication Dial In User Service
(RADIUS).
MIAS A network-validated PAP or CHAP password-based authentication method that functions
with Microsoft Internet Authentication Service (MIAS), which is a component of Microsoft
Windows 2003 Server.
WiKID WiKID Systems is a PAP or CHAP key-based two-factor authentication method that
functions with public key cryptography. The client sends an encrypted PIN to the WiKID
server and receives a one-time passcode with a short expiration period. The client logs in
with the passcode. See Appendix E, Two-Factor Authentication, for more on WiKID
authentication.
NT Domain A network-validated domain-based authentication method that functions with a Microsoft
Windows NT Domain authentication server. This authentication method has been
superseded by Microsoft Active Directory authentication but is supported to authenticate
legacy Windows clients.
Active Directory A network-validated domain-based authentication method that functions with a Microsoft
Active Directory authentication server. Microsoft Active Directory authentication servers
support a group and user structure. Because the Active Directory supports a multilevel
hierarchy (for example, groups or organizational units), this information can be queried to
provide specific group policies or bookmarks based on Active Directory attributes.
The UTM support single sign-on (SSO) through the use of the DC agent and additional
LDAP configuration options.
Note: A Microsoft Active Directory database uses an LDAP organization schema.
To Next Page
Loading...
Need help?
General