The truth is that the PIX validates the connection (permit or deny) by IP, so that's the reason: when a user validates through the ACS server and the PIX grants the access, anyone who uses the same machine while the uauth timeout hasn't expired is not asked for authentication again. The authentication between the client and the PIX is not encrypted; it is only Base64 encoded.

Mariano Montervino
IT Manager
CABAL Coop. Ltda.
Buenos Aires, Argentina
54-011-4319-2599
www.cabal.com.ar

-----Original Message-----
From: Chance Ellis [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 10, 2002 12:10 p.m.
To: [EMAIL PROTECTED]
Subject: Fwd: PIX HTTP Authentication

Using a PIX 525 with software 6.2, I am running into some issues with the PIX and how it authenticates HTTP access. I have the PIX configured to authenticate against a Cisco Secure ACS server running on Windows NT which is set up to use an external Windows Domain for usernames.

When User A opens a web browser and points to a URL, they are prompted for authentication. They successfully log in and are browsing OK. If they close the browser and re-open, they are not prompted again for authentication. If they log out and log back in as another user, they are not prompted for authentication; in fact they are still using User A as the authenticated account. I have played with the uauth timers on the PIX but it just doesn't seem to be a good solution...

We are also using Raptor 6.5, and with Raptor the browser sends the credentials every time and Raptor verifies that the user is logged in. When you close the browser, the browser no longer contains the cached credentials, so when you hit the firewall, you are prompted for authentication. Therefore, you are only asked for authentication once per browser session.

Can this be done with the PIX? Am I missing something? Cisco's implementation does not seem to be a good from what I have seen so far...

Any help is greatly appreciated!

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
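
Added example, not part of the original thread and not Cisco or Raptor code: a simplified Python model of the two behaviours discussed above, one gateway that caches the authentication by source IP until a timeout and one that checks the Basic credentials on every request. The class names, accounts, addresses and the 300-second timeout are constructed assumptions.

```python
import base64

UAUTH_TIMEOUT = 300  # seconds; constructed value, not taken from the thread

def parse_basic(header):
    """Return (user, password) from an HTTP Basic Authorization header, or None.
    Base64 is an encoding, not encryption: anyone who sees the header can do this."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(header[6:], validate=True).decode().partition(":")
    except ValueError:  # covers bad Base64 and bad UTF-8
        return None
    return user, password

def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class IpCachedGateway:
    """Authenticates once, then permits by source IP until the timeout passes."""
    def __init__(self, accounts):
        self.accounts = accounts
        self.cache = {}  # source IP -> (user, expiry time)

    def request(self, src_ip, header, now):
        entry = self.cache.get(src_ip)
        if entry and now < entry[1]:
            return entry[0]  # credentials in this request are never examined
        creds = parse_basic(header)
        if creds and self.accounts.get(creds[0]) == creds[1]:
            self.cache[src_ip] = (creds[0], now + UAUTH_TIMEOUT)
            return creds[0]
        return None  # a real gateway would answer with an authentication prompt

class PerRequestGateway:
    """Checks the credentials carried by every request; keeps no per-IP state."""
    def __init__(self, accounts):
        self.accounts = accounts

    def request(self, src_ip, header, now):
        creds = parse_basic(header)
        if creds and self.accounts.get(creds[0]) == creds[1]:
            return creds[0]
        return None

ACCOUNTS = {"userA": "alpha-pass", "userB": "bravo-pass"}  # constructed accounts
```

In the IP-cached model, a second user on the same workstation is treated as the first user until the cache entry expires, which is the behaviour reported in the thread; the per-request model ties each request to the credentials the browser actually sent.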
