NETGEAR UTM5EW-100NAS Router User Manual


 
Manage Users, Authentication, and VPN Certificates
379
ProSecure Unified Threat Management (UTM) Appliance
The UTM supports security policies that are based on an Active Directory with single sign-on
(SSO) through the use of the DC agent and additional Lightweight Directory Access Protocol
(LDAP) configuration options (see Configure Authentication Domains, Groups, and Users on
page 380).
The following table summarizes the external authentication protocols and methods that the
UTM supports.
Table 98. External authentication protocols and methods
Authentication
protocol or method
Description
PAP Password Authentication Protocol (PAP) is a simple protocol in which the client sends a
password in clear text.
CHAP Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake
in which the client and server trade challenge messages, each responding with a hash of
the other’s challenge message that is calculated using a shared secret value.
RADIUS A network-validated PAP, CHAP, MSCHAP, or MSCHAPv2 password-based
authentication method that functions with Remote Authentication Dial In User Service
(RADIUS).
MIAS A network-validated PAP or CHAP password-based authentication method that functions
with Microsoft Internet Authentication Service (MIAS), which is a component of Microsoft
Windows 2003 Server.
WiKID WiKID Systems is a PAP or CHAP key-based two-factor authentication method that
functions with public key cryptography. The client sends an encrypted PIN to the WiKID
server and receives a one-time passcode with a short expiration period. The client logs in
with the passcode. See Appendix F, Two-Factor Authentication, for more on WiKID
authentication.
NT Domain A network-validated domain-based authentication method that functions with a Microsoft
Windows NT Domain authentication server. This authentication method has been
superseded by Microsoft Active Directory authentication but is supported to authenticate
legacy Windows clients.
Active Directory A network-validated domain-based authentication method that functions with a Microsoft
Active Directory authentication server. Microsoft Active Directory authentication servers
support a group and user structure. Because the Active Directory supports a multilevel
hierarchy (for example, groups or organizational units), this information can be queried to
provide specific group policies or bookmarks based on Active Directory attributes.
The UTM supports single sign-on (SSO) through the use of the DC agent and additional
LDAP configuration options.
Note: A Microsoft Active Directory database uses an LDAP organization schema.
LDAP A network-validated domain-based authentication method that functions with a
Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a standard
for querying and updating a directory. Because LDAP supports a multilevel hierarchy (for
example, groups or organizational units), this information can be queried to provide
specific group policies or bookmarks based on LDAP attributes.
The UTM supports single sign-on (SSO) through the use of the DC agent and additional
LDAP configuration options.