OK, and I agree. User name and password only scare me. We use certificate and also use SCV to check a few registry keys to see if the computer is a member of our domain. It's not fool-proof, but it does raise the bar a bit.

Ray


From: Yang Xiao <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: Re: [FW-1] secure client unable to authenticate due to expire of password
Date: Mon, 24 Jul 2006 06:37:57 -0400

On 7/21/06, Ray <[EMAIL PROTECTED]> wrote:

Why is SDL considered risky? We're not using it, but it sure would solve
problems like this.

Thanks,

Ray


I was really referring to VPN authentication using AD LDAP, I loathe this kind
of single sign-on even if you enforce strict password complexity and
expiration policy, but then still, I'd prefer using something like RSA
tokens.

- Yang

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
