Firewalls: Re: Mixing Authentification Strategies

Firewalls
(April 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Mixing Authentification Strategies
From:	charisse @ SmallWorks . COM (Charisse Castagnoli)
Date:	Thu, 31 Mar 94 22:47:33 CST
To:	firewalls @ GreatCircle . COM, mjr @ tis . com, scs @ lokkur . dexter . mi . us

>>One trick we pull with our firewall is we configure our
>>authentication server with records for each user, and for users
>>who want multiple forms of authentication, rather than having
>>to add code to the firewall, we just have multiple identities. So
>>if I want to use my default authentication (id="mjr", authentication
>>protocol is digital pathways) I log in as "mjr" -- if I forgot my
>>SNK I could fall back on s/key and log in as "mjr-skey"

Are you saying you have multiple logins per userid? This might be
OK for accountability if your auditing system tracks by userid, not
loginname.  If you are saying you have multiple userids for each
person that sounds like an accountability nightmare.  I'm not really
positive I like the former from an accountability perspective either
since somewhere I'm sure loginname will be used when what I need
is userid. 

charisse @
 smallworks .
 com

Indexed By Date	Previous:	Re: Mixing Authentification Strategies From: Marcus J Ranum <mjr @ tis . com>
Indexed By Date	Next:	screend on BSD/386 is now available From: Tim Guarnieri <timg @ vix . com>
Indexed By Thread	Previous:	Re: Mixing Authentification Strategies From: Marcus J Ranum <mjr @ tis . com>
Indexed By Thread	Next:	Re: Mixing Authentification Strategies From: alastair @ cadence . com (Alastair Young)