[FW1] RFC on OS Password Authentication using Windows NT and Firewall-1
I would really, really like to use OS Password Authentication. Here is the
proposed setup. Someone please correct me if my logic is way off base. I
would like to control outbound access via OS Password Authentication without
creating and maintaining separate user account databases. I realize the
security risks associated with incorporating the firewall server into the NT
Domain; this is my suggestion to address that issue.
Environment
Firewall Server : Windows NT
Production Servers: Primarily NT
User Desktops: Primarily NT
Two Domains: (Domain A and Domain B)
Firewall in Domain A, Firewall acts as PDC for Domain A
Production Servers in Domain B, User Desktops in Domain B
Domain B Trusts Domain A (one-way trust relationship)
This solution would allow the firewall server (PDC of Domain B) to query and
authenticate requests for users in Domain A with the PDC of Domain A without
maintaining an accounts database on the firewall (other than the default
accounts). Domain B only asks Domain A if the user account is valid.
Of course, all the standard services would be disabled on the external
interface of the firewall. Comments or suggestions? I am prepared for
ridicule.