Understanding Strong Authentication
177
This option is currently used only by the POP3 proxy.
SecurID
This system, available from Security Dynamics, uses a time-based password. The
SecurID card generates a passcode. When the firewall prompts for authentication, the
user enters his or her personal identification number (PIN) and the passcode shown on
the card. The Gauntlet authentication server verifies this value with the Security
Dynamics ACE server.
EnigmaLogic SafeWord
SafeWord is available from EnigmaLogic and supports numerous hardware
authentication tokens. The Gauntlet authentication server communicates with SafeWord
during the authentication process.
S/Key
This system, from Bellcore, uses a one-time password. Users generate a set of passwords
based on a “seed” word or phrase. Each time they need to authenticate, they use a
different password. When the firewall prompts for authentication, it provides a
challenge value. The user enters his or her appropriate password for that challenge. The
Gauntlet authentication server verifies this value.
The Gauntlet firewall distribution includes a portion of the S/Key package. The full
S/Key package is available for FTP from ftp.bellcore.com in pub/nmh/skey.
You can also use the Naval Research Lab One-Time Password in Everything (OPIE),
which is downward-compatible with Bellcore's S/Key Version 1 software. The OPIE
package is available for FTP from ftp.nrl.navy.mil in /pub/security/nrl-opie/.
Reusable Passwords
This system, a part of the user authentication system included with the Gauntlet firewall,
is a reusable password option. It is designed for administrator testing only. Every time
Summary of Contents for Gauntlet
Page 1: ...Gauntlet for IRIX Administrator s Guide Document Number 007 2826 004 ...
Page 16: ......
Page 26: ......
Page 27: ...PART ONE Understanding the Gauntlet Internet Firewall I ...
Page 28: ......
Page 43: ...PART TWO Configuring and Using Proxies II ...
Page 44: ......
Page 50: ......
Page 56: ......
Page 64: ......
Page 72: ......
Page 94: ......
Page 109: ...PART THREE Administering General Gauntlet Firewall Services III ...
Page 110: ......
Page 140: ......
Page 147: ...Introductory Management Form 121 Figure 17 4 Gauntlet Introductory Management Form 2 of 3 ...
Page 155: ...Routing Configuration Form 129 Figure 17 8 Routing Configuration Form ...
Page 163: ...Proxy Servers Configuration Form 137 Figure 17 11 Proxy Servers Configuration Form 2 of 3 ...
Page 170: ...144 Chapter 17 The Graphical Management Interface Figure 17 13 DNS Configuration Form 1 of 2 ...
Page 171: ...DNS Configuration Form 145 Figure 17 14 DNS Configuration Form 2 of 2 ...
Page 177: ...Sendmail on Gauntlet Servers 151 Figure 17 15 Sendmail Configuration Form ...
Page 187: ...Logfiles and Reports Configuration Form 161 Figure 17 20 Reports and Logfiles Form 1 of 2 ...
Page 191: ...Authorizing Users Form 165 Figure 17 22 Authorizing Users Form ...
Page 192: ...166 Chapter 17 The Graphical Management Interface Figure 17 23 Add User Form ...
Page 214: ......
Page 232: ......
Page 233: ...Appendixes IV ...
Page 234: ......
Page 294: ......
Page 305: ......