ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
9-2 Managing Users, Authentication, and Certificates
v1.0, September 2009
Configuring Domains
The domain determines the authentication method to be used for associated users. For SSL
connections, the domain also determines the portal layout that is presented, which in turn
determines the network resources to which the associated users have access. The default domain of
the UTM is named geardomain. You cannot delete the default domain.
Table 9-1 summarizes the authentication protocols and methods that the UTM supports.
Table 9-1.Authentication Protocols and Methods
Authentication
Protocol or Method
Description (or Subfield and Description)
PAP Password Authentication Protocol (PAP) is a simple protocol in which the client sends
a password in clear text.
CHAP Challenge Handshake Authentication Protocol (CHAP) executes a three-way
handshake in which the client and server trade challenge messages, each
responding with a hash of the other’s challenge message that is calculated using a
shared secret value.
RADIUS A network-validated PAP or CHAP password-based authentication method that
functions with Remote Authentication Dial In User Service (RADIUS).
MIAS A network-validated PAP or CHAP password-based authentication method that
functions with Microsoft Internet Authentication Service (MIAS), which is a
component of Microsoft Windows 2003 Server.
WiKID WiKID Systems is a PAP or CHAP key-based two-factor authentication method that
functions with public key cryptography. The client sends an encrypted PIN to the
WiKID server and receives a one-time pass code with a short expiration period. The
client logs in with the pass code. See Appendix D, “Two Factor Authentication” for
more on WiKID authentication.
NT Domain A network-validated domain-based authentication method that functions with a
Microsoft Windows NT Domain authentication server. This authentication method has
been superseded by Microsoft Active Directory authentication but is supported to
authenticate legacy Windows clients.
Active Directory A network-validated domain-based authentication method that functions with a
Microsoft Active Directory authentication server. Microsoft Active Directory
authentication servers support a group and user structure. Because the Active
Directory supports a multilevel hierarchy (for example, groups or organizational
units), this information can be queried to provide specific group policies or bookmarks
based on Active Directory attributes.
Note: A Microsoft Active Directory database uses an LDAP organization schema.