Setting ScreenOS Authentication Options Using Default Servers Overview
The default servers for the security device define
the authentication servers used to provide local, external, and WebAuth
user authentication. Table 1 describes
the different default servers.
Table 1: Default Servers

| Default Servers | Description |
|---|---|
| Local | Each security device contains a local (database) server called auth server. The auth server is the default authentication server and can handle all types of authentication that occur on the device. Usernames and authentication credentials of all local users are stored in this database. For the Local server only, you can set the authentication timeout, which is the number of minutes the connection remains active after an authentication request has been submitted and a successful authentication is received. By default, the authentication timeout on the Local authentication server is 10 minutes. To change this timeout, enter a new value. |
| External | Alternatively, you can select an external authentication server as the default server. To select an external server, you must have already created and configured an Authentication Server object in the NSM UI. You must also have defined the user accounts for all external users on the external server. For more information, see and the Network and Security Manager Administration Guide. |
| WebAuth | When using WebAuth, an auth user first initiates an HTTP session to the IP address of the security device that hosts WebAuth. After successful authentication, the auth user can send traffic to the destination as permitted by one or more security policies. To authenticate WebAuth users, you can use the Local authentication server (security device default) or select a previously defined external auth server. |

Published: 2009-08-20