% NT Domain Authentication
%
% This means that instead of transferring or creating all your users and
% passwords on the firewall. You can tell the EagleNT to authenticate a user
% by having the firewall contact an internal PDC to authenticate based on its
% user and password database. We simply pass the user and password
% information to the PDC and wait for an answer of yes or no. The customers
% who know this is coming are really pumped. NT customers are addicted to the
% NT Adminstration paradigm and like having all their user information in one
% place. Having the firewall use it is a big plus. I'm not aware of any
% security holes per se for the firewall interacting with the PDC (a one way
% interaction), but I'm sure this group might propose some for us to think
% about :-))).
%
Ok, please, correct me if I am wrong, but does this not impose a
threat to passwords being spoofed on the inside of the firewall
(the lan between the PDC and the firewall) ?
If I am not mistaken, if I sniff the encrypted password of
an NT user account, it is just as valuable to me as an
unencrypted one?
If the above is true, then any user could fake themselves
as an administrator to gain un authorised access through
the firewall....... (and possibly even to the admin program
of the firewall)
Is the above true/false/dreaming?
tia
ciao
--
John
--
John Betts, Aztec Internet Services Port Elizabeth, South Africa
johnb @
aztec .
co .
za, Tel. +27(0)41 303 475, Fax. +27(0)41 301 052
Authorised Caldera Consultant || Part of the UUNet Group
The world is complex. The Sendmail configuration reflects this.
Follow-Ups:
References:
|
|
