Authentication Rules; Ldap For Ppp With Chap, Ms-Chapv1 Or Ms-Chapv2 - D-Link DFL-1660 User Manual

8.2.5. Authentication Rules

compare with the digest sent by the client. A successful digest match then results in successful
authentication.
The essential difference with the normal event sequence in A above is that it is the NetDefend
Firewall itself which is performing the authentication.
Figure 8.2. LDAP for PPP with CHAP, MS-CHAPv1 or MS-CHAPv2
When setting up this scenario, the administrator needs to take note of the following issues:
1. User passwords will be stored in two places so changing one means a separate change to the
other.
2. Users will not be able to change their passwords unless both passwords can somehow be
changed together, perhaps by using scripting.
3. Anyone with administrator access to the LDAP database will be able to see the password.
4. Updating the LDAP database schema is often an irreversible operation.
8.2.5. Authentication Rules
An Authentication Rule should be defined when the user establishing a connection through the
NetDefend Firewall is to be prompted for a username/password login sequence.
Authentication Rules are set up in a way that is similar to other NetDefendOS security policies, by
specifying which traffic is to be subject to the rule. They differ from other policies in that the
destination network/interface is not of interest but only the source network/interface. An
Authentication Rule has the following parameters:
• Interface
The source interface on which the connections to be authenticated will arrive.
• Source IP
The source network from which new connections will arrive.
•
Authentication Source
- This specifies that authentication is to be done against one of the following:
318
Chapter 8. User Authentication