Cisco Web Security Appliance S680 User Guide
20-13
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 20 Authentication
Understanding How Authentication Works
Step 6
Web Proxy passes the authentication information to the Active Directory server.
The Active Directory server then verifies that the client used the correct password
based on whether or not it modified the challenge string appropriately.
Step 7
If the challenge response passes, the Web Proxy returns the requested web page.
Note
Additional requests on the same TCP connection do not need to be authenticated
again with the Active Directory server.
authentication.
Transparent Deployment, NTLM Authentication
Transparent NTLM authentication is similar to transparent Basic authentication
except that the Web Proxy communicates with clients using NTLMSSP instead of
Basic. However, with transparent NTLM authentication, the authentication
credentials are not sent in the clear to the authentication server.
For more information, see
The advantages and disadvantages of using transparent NTLM authentication are
the same as those of using transparent Basic authentication except that transparent
NTLM authentication is better because the password is not sent to the
authentication server and you can achieve single sign-on when the client
Advantages
• Because the password is not transmitted to the authentication server, it is more secure
• Connection is authenticated, not the host or IP address
• Achieves true single sign-on in an Active Directory environment when the client applications are configured to trust the Web Security appliance
Disadvantages
• Moderate overhead: each new connection needs to be re-authenticated
• Primarily supported on Windows only and with major browsers only