Cisco Web Security Appliance S170 User Guide

21-10
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 21 Authentication
Working with Authentication Realms
Table 21-7 lists the advantages and disadvantages of using explicit forward NTLM authentication.
Transparent Deployment, NTLM Authentication
Transparent NTLM authentication is similar to transparent Basic authentication except that the Web Proxy communicates with clients using NTLMSSP instead of Basic. However, with transparent NTLM authentication, the authentication credentials are not sent in the clear to the authentication server.
For more information, see .
The advantages and disadvantages of using transparent NTLM authentication are the same as those of using transparent Basic authentication, except that transparent NTLM authentication is better because the password is not sent to the authentication server and you can achieve single sign-on when the client applications are configured to trust the Web Security appliance. For more information on the advantages and disadvantages of transparent Basic authentication, see .
Working with Authentication Realms
An authentication realm is a set of authentication servers (or a single server) supporting a single authentication protocol with a particular configuration.
You can perform any of the following tasks when configuring authentication:
  • Include up to three authentication servers in a realm.
  • Create zero or more LDAP realms.
  • Create zero or one NTLM realm.
  • Include an authentication server in multiple realms.
  • Include one or more realms in an authentication sequence.
  • Include realms of different protocols in a single authentication sequence.
  • Assign a realm or a sequence to an Access Policy group.
You create, edit, and delete authentication realms on the Network > Authentication page under the Authentication Realms section.
 shows where you define authentication realms.
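The realm and sequence rules listed above are easy to get wrong when a configuration is assembled by hand or exported and re-applied. The following Python model is an added example written for this page; it is not code from the user guide or from AsyncOS. It encodes the constraints the guide states (at most three servers per realm, zero or one NTLM realm, a server may appear in several realms, a sequence may mix protocols) as a validator, and it resolves a sequence against constructed sample accounts. The realm names, server hostnames and accounts are constructed, and the first-realm-that-accepts semantics in `authenticate_via` is an assumption about how a sequence is evaluated, not something this page states.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Limits taken from the task list in the guide.
MAX_SERVERS_PER_REALM = 3      # "Include up to three authentication servers in a realm"
MAX_NTLM_REALMS = 1            # "Create zero or one NTLM realm"
SUPPORTED_PROTOCOLS = ("LDAP", "NTLM")


@dataclass
class Realm:
    name: str
    protocol: str                          # one of SUPPORTED_PROTOCOLS
    servers: list[str]                     # 1..MAX_SERVERS_PER_REALM hostnames
    # Constructed stand-in for the directory behind the realm's servers
    # (user -> password); a real realm would query LDAP or a domain controller.
    accounts: dict[str, str] = field(default_factory=dict)

    def authenticate(self, user: str, password: str) -> bool:
        return self.accounts.get(user) == password


@dataclass
class Sequence:
    name: str
    realms: list[Realm]                    # may mix LDAP and NTLM realms


def validate(realms: list[Realm], sequences: list[Sequence]) -> list[str]:
    """Return a list of human-readable violations; an empty list means the
    configuration satisfies every rule modelled here."""
    problems: list[str] = []
    seen: set[str] = set()
    for r in realms:
        if r.name in seen:
            problems.append(f"realm '{r.name}': duplicate realm name")
        seen.add(r.name)
        if r.protocol not in SUPPORTED_PROTOCOLS:
            problems.append(f"realm '{r.name}': unsupported protocol {r.protocol!r}")
        if not 1 <= len(r.servers) <= MAX_SERVERS_PER_REALM:
            problems.append(
                f"realm '{r.name}': {len(r.servers)} servers, "
                f"expected 1..{MAX_SERVERS_PER_REALM}")
        # A server appearing in several realms is explicitly allowed, so no check here.
    ntlm = [r.name for r in realms if r.protocol == "NTLM"]
    if len(ntlm) > MAX_NTLM_REALMS:
        problems.append(f"{len(ntlm)} NTLM realms ({', '.join(ntlm)}), at most "
                        f"{MAX_NTLM_REALMS} allowed")
    for s in sequences:
        if not s.realms:
            problems.append(f"sequence '{s.name}': contains no realms")
        for r in s.realms:
            if r.name not in seen:
                problems.append(f"sequence '{s.name}': references unknown realm '{r.name}'")
    return problems


def authenticate_via(sequence: Sequence, user: str, password: str) -> str | None:
    """Assumption: realms are tried in sequence order and the first realm that
    accepts the credentials wins. Returns that realm's name, or None."""
    for realm in sequence.realms:
        if realm.authenticate(user, password):
            return realm.name
    return None


# Constructed sample configuration: one NTLM realm with two domain controllers
# and one LDAP realm; the LDAP server is deliberately reused in a second LDAP
# realm to show that sharing a server across realms is permitted.
corp_ad = Realm("corp-ad", "NTLM", ["dc1.example.test", "dc2.example.test"],
                accounts={"alice": "s3cret"})
corp_ldap = Realm("corp-ldap", "LDAP", ["ldap1.example.test"],
                  accounts={"bob": "hunter2"})
contractors = Realm("contractors", "LDAP", ["ldap1.example.test"],
                    accounts={"carol": "pa55"})
VALID_REALMS = [corp_ad, corp_ldap, contractors]
MIXED_SEQUENCE = Sequence("ad-then-ldap", [corp_ad, corp_ldap, contractors])

# Constructed configuration that breaks two of the stated rules.
BAD_REALMS = [
    corp_ad,
    Realm("second-ad", "NTLM", ["dc3.example.test"]),                       # second NTLM realm
    Realm("too-many", "LDAP", ["a.test", "b.test", "c.test", "d.test"]),    # four servers
]

if __name__ == "__main__":
    print("valid config problems:", validate(VALID_REALMS, [MIXED_SEQUENCE]))
    print("bad config problems:", validate(BAD_REALMS, []))
    print("alice ->", authenticate_via(MIXED_SEQUENCE, "alice", "s3cret"))
    print("carol ->", authenticate_via(MIXED_SEQUENCE, "carol", "pa55"))
    print("mallory ->", authenticate_via(MIXED_SEQUENCE, "mallory", "x"))
```

The validator is only as good as the rules it encodes; rules the guide leaves to later sections (for example what an Access Policy group requires of the realm or sequence assigned to it) are not modelled here.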
Table 21-7 Pros and Cons of Explicit Forward NTLM Authentication

Advantages
  • Because the password is not transmitted to the authentication server, it is more secure
  • Connection is authenticated, not the host or IP address
  • Achieves true single sign-on in an Active Directory environment when the client applications are configured to trust the Web Security appliance

Disadvantages
  • Moderate overhead: each new connection needs to be re-authenticated
  • Primarily supported on Windows only and with major browsers only