12-26-2006 12:26 AM - edited 02-21-2020 10:17 AM
Hi everyone,
I have a question about how to configure the VPN 3000 to work user authentication by using
Kerberos/Active Directory and Internal Database.
Why I ask you that question is that I have a following problem.
I have configured user authentication by using Internal Database for Group A for example.
Users of Group A have authenticated and communicated successfully.
Today I have configured user authentication by using Kerberos/Active Directory for Group B.
But at that time, Users of Group A could NOT authenticate and communicate.
(it seems VPN 3000 did not request user authentication to Internal Database)
To isolate the problem, I have deleted setting of Kerberos/Active Directory
"Configuration | System | Servers | Authentication and Delete" so that
Users of Group A can be authenticated.
So I have a question about how to configure to use both Internal Database and Kerberos/Active Directory
for user authentication for each Group, One Group uses Internal Database and another Group uses
Kerberos/Active Directory .
Your information would be appreciated.
Best regards,
01-01-2007 08:46 AM
Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service.
These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide