Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
0
Helpful
1
Replies

VPN 3000 user authentication with Internal Database and Active Directory

snakayama
Level 3
Level 3

‎12-26-2006 12:26 AM - edited ‎02-21-2020 10:17 AM

Hi everyone,

I have a question about how to configure the VPN 3000 to work user authentication by using

Kerberos/Active Directory and Internal Database.

Why I ask you that question is that I have a following problem.

I have configured user authentication by using Internal Database for Group A for example.

Users of Group A have authenticated and communicated successfully.

Today I have configured user authentication by using Kerberos/Active Directory for Group B.

But at that time, Users of Group A could NOT authenticate and communicate.

(it seems VPN 3000 did not request user authentication to Internal Database)

To isolate the problem, I have deleted setting of Kerberos/Active Directory

"Configuration | System | Servers | Authentication and Delete" so that

Users of Group A can be authenticated.

So I have a question about how to configure to use both Internal Database and Kerberos/Active Directory

for user authentication for each Group, One Group uses Internal Database and another Group uses

Kerberos/Active Directory .

Your information would be appreciated.

Best regards,

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎01-01-2007 08:46 AM

Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service.

These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network.

http://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007ef3d.html#xtocid153536

0 Helpful
Customers Also Viewed These Support Documents