Firewall Wizards mailing list archives
RE: NT Authentication
From: "Joe Ippolito" <joe () joesnet com>
Date: Wed, 7 Oct 1998 18:32:22 -0700
I have implemented MS Proxy in industrial quantities - usually behind Firewall-1. I am very please with the product and price. One thing that it will not do is forward ICMP packets and I do not know of anyone that has successfully used the socks proxy. It sure beats tracking user activity by their IP address
-----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of Joseph S. D. Yao Sent: Wednesday, October 07, 1998 11:14 AM To: Steve () po i-way co uk Cc: firewall-wizards () nfr net Subject: Re: NT AuthenticationI have been asked a few times recently to specify a proxy which can get Authentication from an NT domain. This seems to be sites which are using DHCP. I often like to specify a FW which has an internal proxy where the site admin team can control the insides clients Internet access. This means they can make all the changes for individual users and don't have to go near the FW. In the past I have used Wingate and IP's but more and more sites seem to want this authentication to come from an NT domain ala M$ Proxy server I guess. Being no genius on NT I wondered if anyone has any other product suggestions, alternative ways of doing this etc. Any actual experiences with Microsofts proxy would be good too - I think we all know how dubious the security is, the management possibilities seem useful though.I know the people working on the [new! improved!] Linux port+ of PAM were trying to put together an NT authentication module that worked under all hosts to which PAM [Pluggable Authentication Modules, OSF RFC 86.0, AKA XSSO - X/Open Single Sign-On Service] had been ported. I've lost track of their progress on this. Cf. <URL: http://www.kernel.org/pub/linux/libs/pam/>. -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" mail to sys-adm () cospo osis gov ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- NT Authentication Steve (Oct 07)
- Re: NT Authentication Joseph S. D. Yao (Oct 07)
- RE: NT Authentication Joe Ippolito (Oct 09)
- <Possible follow-ups>
- RE: NT Authentication Noller, Gregory (Oct 09)
- Re: NT Authentication Vin McLellan (Oct 09)
- RE: NT Authentication Amirmadhi Foorood (Oct 09)
- RE: NT Authentication Amirmadhi Foorood (Oct 13)
- RE: NT Authentication Stout, Bill (Oct 13)
- Re: NT Authentication Joseph S. D. Yao (Oct 07)