Support for Kerberos

Hi,

Would like to see support for the Kerberos protocol.
Not much use making an admin account a member of the Protected Users group when AuthPoint does not support Kerberos.

If the user account does not allow NTLM authentication, AuthPoint gives us this:

Reason: The LDAP password is not valid.
Error: 201.045.003 - Authentication transaction is not authorized.

/Robert

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @rv@kaufmann.dk
    Support for that group was added in AuthPoint agent 2.5 -- if you're not already running that version, I'd suggest doing so and trying that.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson

    Sorry for not being more specific. Yes, you are correct, Kerberos authentication works with the Windows logon app agent, but it is not supported on https://authpoint.watchguard.com/kaufmann and Firebox authentication.

    /Robert

  • james.carson Moderator, WatchGuard Representative

    Hi @rv@kaufmann.dk
    Generally these types of accounts will be used only for administrative purposes, for example, using the run as command to run a task. I'd be happy to make a feature request -- but what types of circumstances would have an administrative user using the IDP portal and logging in via the firebox itself?

    -James Carson
    WatchGuard Customer Support

  • @james.carson

    I do have some "external" parties (very limited) who are also administrators, and we can disable the use of Firebox authentication as they have access via VMware also to the guest. They are admins at 1 of our sites, but not at other sites we are running.

    At other times we have accounts which have to be admins on specific servers, and here we would benefit from the value we get from membership of the Protected Users group.

    To 2 of those I sent WG hardware tokens which they had to activate, but they were unable to do so before I removed them from the Protected Users group.

    Of course I could activate them in the portal and I can add the users back afterwards to the Protected Users group. But in day-to-day life, it would be a nice feature if Fireware and AuthPoint had support for Kerberos also.

    Does it make sense?
