Cisco Web Security Appliance S170 User Guide
Chapter 20 Authentication
Understanding How Authentication Works
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
The Web Security appliance supports the following authentication protocols:
• Lightweight Directory Access Protocol (LDAP). The Web Proxy uses the
LDAP Bind operation to query an LDAP-compatible authentication server.
The appliance supports standard LDAP server authentication and secure
LDAP authentication.
For more information about LDAP configuration options, see
.
• NT LAN Manager (NTLM). The Web Proxy uses NTLM, a Microsoft
proprietary protocol, to authenticate users who exist in Microsoft Active
Directory. The NTLM protocol uses a challenge-response sequence of
messages between the client and the Active Directory server. You can use
either the NTLMSSP or the Basic authentication scheme on the client side.
For more information about NTLM configuration options, see
.
In addition to the preceding protocols, the Web Security appliance supports the
following client-side authentication schemes:
• Basic. Allows a client application to provide authentication credentials in the
form of a user name and password when it makes a request. You can use the
Basic authentication scheme with either an LDAP or Active Directory server.
• NTLMSSP. Allows the client application to provide authentication
credentials in the form of a challenge and response. It uses a binary message
format to authenticate clients that use the NTLM protocol to access network
resources. You can use the NTLMSSP authentication scheme only with an
Active Directory server. When the Web Proxy uses NTLMSSP, most client
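[Figure: Client, Web Security Appliance, and Authentication Server. Client to Web Security Appliance: Basic or NTLMSSP. Web Security Appliance to Authentication Server: LDAP or NTLM.]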
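The difference between the two client-side schemes described above is visible in the HTTP header the client sends. The following is an added example, not code from the Cisco guide: it classifies an `Authorization` or `Proxy-Authorization` header value and shows that Basic carries a recoverable user name and password, while NTLMSSP carries a binary challenge-response message. The function name, the use of the `NTLM` HTTP scheme token, and the sample headers are assumptions made for this example.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def classify_auth_header(value):
    """Classify an Authorization / Proxy-Authorization header value."""
    scheme, _, blob = value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("basic", "ntlm"):
        return {"scheme": scheme, "error": "scheme not covered by this example"}
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"scheme": scheme, "error": "token is not valid base64"}

    if scheme == "basic":
        # Basic carries "user:password" that is only base64-encoded, so anyone
        # who can read the request can read the password.
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        if not sep:
            return {"scheme": "basic", "error": "missing ':' separator"}
        return {"scheme": "basic", "cleartext_credentials": True,
                "user": user, "password_length": len(password)}

    # NTLMSSP messages are binary: an 8-byte signature followed by a
    # little-endian 32-bit type (1 negotiate, 2 challenge, 3 authenticate).
    if len(raw) < 12 or raw[:8] != NTLMSSP_SIGNATURE:
        return {"scheme": "ntlm", "error": "not an NTLMSSP message"}
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    result = {"scheme": "ntlm", "cleartext_credentials": False,
              "message": NTLM_MESSAGE_TYPES.get(msg_type, "UNKNOWN")}
    if msg_type == 2 and len(raw) >= 32:
        # A type 2 message holds the 8-byte server challenge at offset 24.
        result["server_challenge"] = raw[24:32].hex()
    return result


# Constructed, minimal sample headers (not captured traffic).
SAMPLE_BASIC = "Basic " + base64.b64encode(b"jdoe:example-pass").decode()
SAMPLE_NTLM_TYPE1 = "NTLM " + base64.b64encode(
    NTLMSSP_SIGNATURE + struct.pack("<II", 1, 0x00088207)).decode()

if __name__ == "__main__":
    for header in (SAMPLE_BASIC, SAMPLE_NTLM_TYPE1):
        print(classify_auth_header(header))
```

Because Basic credentials are only encoded, a check like this is useful in log review to find clients that send Basic over connections that are not otherwise encrypted.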