VPN 3000 user authentication with Internal Database and Active Directory

Dec 26th, 2006

Hi everyone,

I have a question about how to configure the VPN 3000 to perform user authentication using Kerberos/Active Directory and the Internal Database.

The reason I ask is that I have the following problem.

I configured user authentication using the Internal Database for Group A, for example. Users of Group A authenticated and communicated successfully.

Today I configured user authentication using Kerberos/Active Directory for Group B. But after that, users of Group A could NOT authenticate and communicate. (It seems the VPN 3000 did not send the user authentication request to the Internal Database.)

To isolate the problem, I deleted the Kerberos/Active Directory setting under "Configuration | System | Servers | Authentication" (Delete), so that users of Group A can be authenticated again.

So my question is how to configure the VPN 3000 to use both the Internal Database and Kerberos/Active Directory for user authentication on a per-group basis: one group uses the Internal Database and another group uses Kerberos/Active Directory.

Your information would be appreciated.

Best regards,

irisrios Mon, 01/01/2007 - 08:46

Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service.

These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network.

http://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007ef3d.html#xtocid153536
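To make the properties described in the reply concrete (the KDC validates the user against a stored key, the password itself never crosses the network, and a ticket is a short-lived credential that only the target service can check), here is an added, simplified Kerberos-style exchange. It is example code written for this page, not Cisco's or any KDC's implementation: the realm, user, service and passwords are constructed sample values, and tickets are authenticated with an HMAC rather than encrypted as real Kerberos tickets are.

```python
import hashlib
import hmac
import json

# Constructed sample realm with one user and one service (hypothetical names).
# Keys are derived from passwords; the password itself is never stored or sent.
REALM = "EXAMPLE.LOCAL"

def derive_key(password: str, realm: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), realm.encode(), 10_000)

USER_KEYS = {"alice": derive_key("alice-pass", REALM)}          # KDC's user database
SERVICE_KEYS = {"vpn/concentrator": derive_key("service-secret", REALM)}

def mac(key: bytes, payload: dict) -> str:
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, "sha256").hexdigest()

def client_preauth(user: str, password: str, now: float) -> dict:
    # The client proves knowledge of the password by MAC-ing a timestamp;
    # only the derived key is used, so no password leaves the client.
    body = {"user": user, "ts": int(now)}
    return {"body": body, "mac": mac(derive_key(password, REALM), body)}

def kdc_issue_ticket(preauth: dict, service: str, now: float, lifetime_s: int = 600):
    # The KDC checks the pre-authentication against its stored key and rejects
    # stale timestamps so a captured pre-auth message cannot be replayed later.
    body = preauth["body"]
    key = USER_KEYS.get(body["user"])
    if key is None or abs(now - body["ts"]) > 300:
        return None
    if not hmac.compare_digest(preauth["mac"], mac(key, body)):
        return None
    ticket = {"user": body["user"], "service": service, "expires": int(now) + lifetime_s}
    # The ticket is bound to the service's own key: only that service can validate it.
    return {"ticket": ticket, "mac": mac(SERVICE_KEYS[service], ticket)}

def service_validate(ticket_blob: dict, service: str, now: float) -> bool:
    # The service never sees the user's password; it checks the ticket's
    # binding, lifetime and integrity with its own key.
    ticket = ticket_blob["ticket"]
    if ticket["service"] != service or now > ticket["expires"]:
        return False
    return hmac.compare_digest(ticket_blob["mac"], mac(SERVICE_KEYS[service], ticket))
```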
