Choosing An Authentication Mechanism - EdgeWave iPrism Web Security Administration Manual

iPrism
iPrism can also determine a user's identity in a variety of ways, such as several types of login
screens, proxy-based authentication, and the Auto-Login feature. For details on Auto-Login, see
Auto-Login Details.
Note: iPrism can only authenticate web-based connections. Due to how IM
and P2P protocols work, user-based authentication is impossible, so the iPrism
uses IP-based profile mapping for these protocols.
If a user cannot be authenticated, they will not be able to use the Internet.

Choosing an Authentication Mechanism

Network-based profiles do not require authentication to be enabled. If authentication is enabled,
users must authenticate to access the Internet.
iPrism supports the following authentication mechanisms:
• Local
• Kerberos: this uses a Windows Domain Controller (2003 or 2008) with Active Directory, with the
iPrism in Server 2008 mode
• NTLM (Windows 2000, Windows 2003): with the iPrism in Server 2003 mode
• LDAP
• Novell NetWare with eDirectory
• OSX with Open Directory
Active Directory on Windows 2003 is LDAP-compliant by default. For more details about LDAP on
Windows. For more information, see the following iPrism Knowledgebase articles:
• Windows 2000/2003 LDAP Authentication
• Windows Active Directory 2008 Authentication
• Migrating from AD2003 to AD2008
For OS X with Open Directory, refer to the iPrism Knowledgebase article: Integrating iPrism with OS
X Open Directory.
The knowledgebase articles are available at: , available at
security/knowledgebases.asp.
Chapter 7 System Settings
www.edgewave.com/support/web_
Administration Guide
102