Technology Stocks : Novell (NOVL) dirt cheap, good buy?

To: Paul Fiondella who wrote (27954) 8/30/1999 3:16:00 PM
From: ToySoldier
 
Regarding Authentication....

Yes it is true for most users as most dial-in users to an ISP or even corporate dial-in use "Dial-Up" routers or multi-port async routers to allow multiple remote workstations with modems to access one of the modem attached async ports of these routers.

Most people use the old and quite basic PAP/CHAP authentication protocols - i.e. when you dial up to an ISP the connecting router prompts you for a username and password. If you correctly enter a username and password that is in its table, then voilà, you have been authenticated by the PAP/CHAP which runs on the router.

NDS can definitely get involved in this process. NDS has RADIUS Server services which allow these username/password tables to be centrally administered from NDS. The routers still do the actual authentication work via PAP/CHAP but the data that the router checks for valid user authentication was sent to the router(s) via NDS's RADIUS capabilities. It might be obvious to say this but the routers have to be RADIUS capable as well.

A more direct way would be if a router/switch were querying the NDS data directly via router APIs that integrate the router natively into the NDS tree.

Another form of authentication over and above PAP/CHAP is the newer VPN. This is session-layer authentication as I recall and it includes technologies like certificate challenging (example PKI) and encryption. With this, the VPN can offer non-repudiation in addition to a much higher level of authentication over the basic PAP/CHAP.

Warning - non-repudiation is provided only from VPN end-point to VPN end-point. Other middle processes that link the client to the destination can invalidate the non-repudiation (i.e. a web-server, internal network transport that was thought to have been secured, an evil user who jumped onto an existing client end-station without the original user's permission, etc.).

Firewalls can now take a VPN session and develop access enhanced policies on that session because the VPN client is assumed to be HIGHLY trusted in being who/what it is authenticated to be.

The NDS-enabled/integrated BorderManager has VPN "server-to-server" and "server-to-client" capabilities, as well as RADIUS services.

Long-winded answer. Had to blow off the dust from my tech side.

Toy
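
An added example, not part of the original post: a minimal sketch of the two checks the post names, PAP (the password itself is sent and compared) and CHAP as specified in RFC 1994 (MD5 over identifier, secret and challenge). The `USERS` table and all function names are constructed for illustration; the table stands in for a centrally administered username/password store.

```python
import hashlib
import hmac
import os

# Constructed user table (assumption): stands in for centrally administered
# username/password data. CHAP needs the secret itself on the verifier side,
# so it cannot be stored only as a one-way hash.
USERS = {"alice": b"correct horse", "bob": b"hunter2"}

def pap_verify(username, password):
    """PAP: the peer sends the password over the link; verifier compares it."""
    secret = USERS.get(username)
    return secret is not None and hmac.compare_digest(secret, password)

def chap_challenge():
    """CHAP step 1: verifier picks a one-octet identifier and a random challenge."""
    return os.urandom(1)[0], os.urandom(16)

def chap_response(identifier, secret, challenge):
    """CHAP step 2 (peer): MD5(identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(username, identifier, challenge, response):
    """CHAP step 3: verifier recomputes the hash from its own copy of the secret."""
    secret = USERS.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    ident, chal = chap_challenge()
    good = chap_response(ident, b"correct horse", chal)
    bad = chap_response(ident, b"guess", chal)
    results = {
        "pap_ok": pap_verify("alice", b"correct horse"),
        "chap_ok": chap_verify("alice", ident, chal, good),
        "chap_wrong_secret": chap_verify("alice", ident, chal, bad),
    }
    # A response recorded for one challenge does not verify against a new one,
    # which is what CHAP adds over PAP's reusable cleartext password.
    ident2, chal2 = chap_challenge()
    results["chap_replay"] = chap_verify("alice", ident2, chal2, good)
    return results

if __name__ == "__main__":
    print(demo())
```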