Cisco Cisco Web Security Appliance S370 사용자 가이드
6-18
Cisco AsyncOS for Web User Guide
Chapter 6 Acquire End-User Credentials
Authentication Sequences
When multiple NTLM authentication realms are defined, the Web Security appliance uses the
NTLMSSP authentication scheme with only one NTLM authentication realm per sequence. You can
choose which NTLM authentication realm to use for NTLMSSP within each sequence, including the All
Realms sequence. To use NTLMSSP with multiple NTLM realms, define a separate Identity for each
realm.
NTLMSSP authentication scheme with only one NTLM authentication realm per sequence. You can
choose which NTLM authentication realm to use for NTLMSSP within each sequence, including the All
Realms sequence. To use NTLMSSP with multiple NTLM realms, define a separate Identity for each
realm.
Which authentication realms within a sequence get used during authentication depends on:
•
The authentication scheme used. This is generally dictated by the type of credentials entered at the
client.
client.
•
The order in which realms are listed within the sequence (for Basic realms only, as only one
NTLMSSP realm is possible).
NTLMSSP realm is possible).
Tip
For optimal performance, authenticate clients on the same subnet using a single realm.
Creating Authentication Sequences
Before You Begin
•
Create two or more authentication realms (see
•
If the Web Security appliance is managed by a Security Management appliance, ensure that
same-named authentication realms on different Web Security appliances have identical properties
defined on each appliance. Be aware that AsyncOS will use the realms to process authentication
sequentially, beginning with the first realm in the list.
same-named authentication realms on different Web Security appliances have identical properties
defined on each appliance. Be aware that AsyncOS will use the realms to process authentication
sequentially, beginning with the first realm in the list.
Step 1
Choose Network > Authentication
Step 2
Click Add Sequence.
Step 3
Enter a unique name for the sequence using alphanumeric and space characters.
Step 4
In the first row of the Realm Sequence for Basic Scheme area, choose the first authentication realm you
want to include in the sequence.
want to include in the sequence.
Step 5
In the second row of the Realm Sequence for Basic Scheme area, choose the next realm you want to
include in the sequence.
include in the sequence.
Step 6
(Optional) Click Add Row to include another realm that uses Basic credentials.
Step 7
If an NTLM realm is defined, choose an NTLM realm in the Realm for NTLMSSP Scheme field.
The Web Proxy uses this NTLM realm when the client sends NTLMSSP authentication credentials.
Step 8
Submit and commit your changes.
Editing And Reordering Authentication Sequences
Step 1
Choose Network > Authentication.
Step 2
Click the name of the sequence you wish to edit or re-order.
Step 3
Choose a realm name from the Realms drop-down list on the row corresponding to the position number
you want the realm to occupy in the sequence.
you want the realm to occupy in the sequence.