[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] User authentification

To: Bourque Daniel <Daniel.Bourque@loto-quebec.com>, fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] User authentification
From: Dameon D. Welch <dwelch@hotmail.com>
Date: Sat, 1 May 1999 18:13:00 -0700

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


> This is for internal user accessing the Internet.  We are now using static
> password store on the FW.  I would like to use NT password using a Radius
> Server to authenticate but with that setup, NT password would travel in
> clear (from the user to the fw, Fw to Radius is encrypted, I know...).

You realize, of course, that the encryption that NT uses for its passwords
is quite crackable. Go check out the l0pht's website http://www.l0pht.com
and look at l0phtcrack, an NT password cracker.

> The question is: is it possible to use HTTPS as an interface for
> authentication instead of HTTP and if yes, How...  This is really for HTTP
> users.

There does not appear to be a way to do that. I still think one-time
passwords is the way to go here.

-- PhoneBoy


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: Re[2]: [FW1] GUI OVER INTERNET/SECUREMOTE
Next by Date: [FW1] Re: One for the FAQ -- LogSwitch Issue
Prev by thread: Re: Re[2]: [FW1] GUI OVER INTERNET/SECUREMOTE
Next by thread: [FW1] Re: One for the FAQ -- LogSwitch Issue
Index(es):
- Date
- Thread