You've got a whole lot of concepts going here but I think you're on the
right track depending on what you want to do. TIS has an authorization
system that supports strong authentication and source recognition (when
properly configured). With an s/key generator on Internet side remote hosts
can gain secure access.
-----Original Message-----
From: Neil Moore-Smith <[EMAIL PROTECTED]>
To: 'Linux-Net Mailing List' <[EMAIL PROTECTED]>
Date: Tuesday, October 13, 1998 4:34 PM
Subject: Can A Linux Firewall Support NT Authentication?
>Hi all
>
>I have a real problem. My client has an NT network and a permanent
>connection to the Internet. For email they use MS Exchange over X.400. They
>also have a few Unix systems around. They want to protect their machines
>from the Internet and also control outbound access to the Internet.
>
>I thought MS Proxy Server 2.0 was a good idea. It uses NT logon details to
>authenticate who can access the Web (they have to belong to a group called
>Web Users).
>
>BUT... after six weeks on the phone to Microsoft, they tell me that the
>Exchange X.400 MTA doesn't work through their Proxy Server as it's not
>Winsock-compliant. Yikes!
>
>X.400 is non-negotiable. I can't just switch to SMTP. I don't want to put
>the mail server on the "wrong" side of the Proxy Server as it has too much
>other stuff on to be exposed like that. Therefore, I need to switch to a
>different firewall. Linux seems a good bet, and the TIS toolkit seems to
>get me a long way, but I am concerned about integration. I would rather
>allow/deny access based on user, not just IP address. Is this possible
>under Linux, with the facilities available?
>
>All suggestions gratefully received.
>
>Neil
>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
