Cisco Cisco Web Security Appliance S360 Guía Del Usuario
6-5
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 6 Classify End-Users and Client Software
Classifying Users and Client Software
Authentication Realm
Select a Realm or Sequence – choose a defined authentication realm
or sequence.
or sequence.
Select a Scheme – Choose an authentication scheme:
•
Kerberos – The client is transparently authenticated by means of
Kerberos tickets.
Kerberos tickets.
•
Basic – The client always prompts users for credentials. After the
user enters credentials, browsers typically offer a check box to
remember the provided credentials. Each time the user opens the
browser, the client either prompts for credentials or resends the
previously saved credentials.
user enters credentials, browsers typically offer a check box to
remember the provided credentials. Each time the user opens the
browser, the client either prompts for credentials or resends the
previously saved credentials.
Credentials are sent unsecured as clear text (Base64). A packet
capture between the client and Web Security appliance can reveal
the user name and passphrase.
capture between the client and Web Security appliance can reveal
the user name and passphrase.
•
NTLMSSP – The client transparently authenticates using its
Windows login credentials. The user is not prompted for credentials.
Windows login credentials. The user is not prompted for credentials.
However, the client prompts the user for credentials under the
following circumstances:
following circumstances:
–
The Windows credentials failed.
–
The client does not trust the Web Security appliance because of
browser security settings.
browser security settings.
Credentials are sent securely using a three-way handshake (digest style
authentication). The passphrase is never sent across the connection.
authentication). The passphrase is never sent across the connection.
•
Support Guest privileges – Check this box to grant guest access to
users who fail authentication due to invalid credentials.
users who fail authentication due to invalid credentials.
Realm for Group
Authentication
Authentication
•
Select a Realm or Sequence – Choose a defined authentication
realm or sequence.
realm or sequence.