Re: [FW1] user auth & https

Wed, 21 Mar 2001 03:36:46 -0800 


forgot to add - it is not a situation when clients are behind a FW-1, but my
HTTPS _server_ is behind FW-1 and clients are everywhere on the Internet - I
want them to authenticate on that firewall before getting access to the
server.

regards,
W.


----- Original Message -----
From: "Graeme" <[EMAIL PROTECTED]>
To: "Vitaly Osipov" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, March 21, 2001 11:20 AM
Subject: Re: [FW1] user auth & https


> 1. Insure the following line exists in $FWDIR/conf/fwauthd.conf:
>
> 443 in.ahttpd wait 0
>
> If it's not there or it's commented out, add/uncomment it and bounce
FireWall-1.
>
> 2. Modify the pre-defined service https. Change the protocol type from
"None" to
> "URI."
>
> You may now use HTTPS for authentication or content security as
appropriate
> provided the client is configured to use the firewall as a proxy for HTTPS
> requests.
>
>
> cheers
>
>
> Graeme
>
> Vitaly Osipov wrote:
>
> > Hi all,
> >
> > I have a very stupid question probably, but I am stuck... Can I perform
some
> > kind of user auth on Checkpoint for HTTPS service? or is it possible to
> > combine user auth and transparent client auth to, for example, have a
client
> > to connect to http://www.blahblah.com, asked for password by a FW-1,
happily
> > authenticated and then somehow got access not only to port 80, but to
port
> > 443 also? additionla "client auth" rule with http and https together and
> > transparent sign-on? or any other way to get an HTTPS server protected
by
> > FW-1 password without putting agents on client machines? FW-1 as an
HTTPS
> > proxy? Checkpoint says "User auth is not available for https _yet_" :(
> >
> > regards,
> > W.
> >
> >
============================================================================
====
> >      To unsubscribe from this mailing list, please see the instructions
at
> >               http://www.checkpoint.com/services/mailing.html
> >
============================================================================
====
>
> --
> Never underestimate the power of stupid people
> in large groups.
>
>
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to