GB-Auth is specifically designed to stay "tethered" to the authentication server, (it's not suppose to "time out"). HTML isn't persistent, so if you simply use html based authentication you'll only know that a particular user was associated with a given IP for a single moement in time. Unless you have some system that allocates an authentication period (say 1 hour) then requires re-authentication this type of authentication doesn't really provide much. Even specify an authentication period still leaves a window open.
I don't really find your "major limitations" to be either major or limiting. 1) launching a "3rd party client", by this I guess you mean something other than a web browser? What if I was going to use some other now web based service that accessed the internet (FTP, POP3, etc). I guess you'd have to launch a "3rd party client" your web browser to authenticate. The running of GB-Auth is simply a step that one needs to get used to if the organization wants authenticated access and detail log information about user activity. I don't see this any more limiting that other programs I must launch to get a job done. 2. I'm not sure how you're trying to map accounts but the authentication system supports RADIUS, LDAP and the local DB on the firewall. Paul On Wednesday, March 23, 2005 at 08:25, Chris Green wrote: >Is there any way besides using the auth client to have users inside the >network authenticated before accessing the internet? I've been doing this >with my Raptors since well before 1999, I've also done it with Watchguard >and Checkpoint. I want to be able to force users to log in a pop-up box >when they open their web browser to pass through the transparent proxy in >order to a> make sure they are authorized to access the internet, and b> log >their username along with every site they access. > >I've tried doing this with the Auth client, but I've found two major >limitations beyond it being annoying to launch a 3rd party client.... 1. >The client doesn't time out. Once you log in, it stays running, and 2. I >have been unable to map accounts to an NT/2003 domain successfully. This >may work fine through RADIUS, but I had not seen any documentation on making >this work. > >Any input available from GTA? Can we expect web-authentication in the >future? > >Chris Green > >------------------------------------------------------ >To unsubscribe: [EMAIL PROTECTED] >For additional commands: [EMAIL PROTECTED] >Archive: http://archives.gnatbox.com/gb-users/ > > -- Paul Emerson Global Technology Associates, Inc. Tel: +1.407.380.0220 http://www.gta.com/ Fax: +1.407.380.6080 Email: [EMAIL PROTECTED] Mob: +1.407.617.7818 AIM: pje1gta ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
