[j-nsp] Netscreen Authentication

M.Mihailidis mixalism at gmail.com
Tue May 6 10:18:39 EDT 2008


But I can access even uncached websites and see at "get auth table" the user
status as successful. Where before I pressed the home button the status was
failed.

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at gmail.com] 
Sent: Tuesday, May 06, 2008 5:07 PM
To: M.Mihailidis
Cc: Juniper-Nsp
Subject: Re: [j-nsp] Netscreen Authentication

The problem you are dealing with has nothing to do with
authentication.  Your users aren't bypassing authentication, they are
accessing cached data that resides on their hard drive.  This does not
represent a security breach within the context of authentication.

I'm not familiar with firefox but I am sure you can configure a knob
to indicate that you don't want the browser to use cached data,
although performance may suffer.

Stefan Fouant

On Tue, May 6, 2008 at 10:00 AM, M.Mihailidis <mixalism at gmail.com> wrote:
> Yes it's the cache or authenticated sessions just cleared them both and re
> authentication was requested but as it seems I cannot use that feature
> because I cannot control or ask the users to clear their web browsers
cache
> cookies etc etc. The thing is to control them without interfering their
> pc.is there any other bypass for this type of authentication or I have to
> use Webauth?
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
>
> Sent: Tuesday, May 06, 2008 4:47 PM
> To: M.Mihailidis
> Cc: Juniper-Nsp; Juniper Netscreen
> Subject: Re: [j-nsp] Netscreen Authentication
>
> Actually it sounds to me like firefox might be pulling up cached data...
>
> Try waiting for the authentication to expire (or manually clear it),
> then delete your firefox cache, then hit google and let us know what
> happens.
>
> Cheers,
>
> Stefan Fouant
>
> On Tue, May 6, 2008 at 9:40 AM, M.Mihailidis <mixalism at gmail.com> wrote:
> >
> > I have configured the time out to 1 and tried the clear auth but the
> > behavior is still the same the other thing I tried was to clear all
> private
> > data from firefox and only then I had the users reauthenticating when
they
> > went to home page but still there was some strange behavior (Google
search
> > was possible but opening the the links forced authentication). The thing
I
> > want to do is not to manually force the users to re authenticate but to
be
> > done through the timeout like Webauth.
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Stefan Fouant [mailto:sfouant at gmail.com]
> > Sent: Tuesday, May 06, 2008 4:34 PM
> > To: M.Mihailidis
> > Cc: Juniper-Nsp; Juniper Netscreen
> > Subject: Re: [j-nsp] Netscreen Authentication
> >
> > There is indeed a timeout setting for auth users, but it sounds to me
> > that it hasn't expired, hence what appears to be users "bypassing"
> > authentication is actually the normal behavior.  Authentication is
> > applied when a session is first created.  The user will no longer need
> > to authenticate so long as that session is still active OR the auth
> > timeout has not expired.
> >
> > You could always issue the "clear auth" and "clear session" commands
> > at CLI to force the user to reauthenticate.
> >
> > Also, you may want to adjust your auth-server timeout for local users:
> >
> > set auth-server Local timeout 30
> >
> > Cheers,
> >
> > Stefan Fouant
> >
> > On Tue, May 6, 2008 at 4:33 AM, M.Mihailidis <mixalism at gmail.com> wrote:
> > > Hello im trying to configure authentication for users. Im using auth
> user
> > as
> > > a method but I have a question
> > >
> > > Isn't there a timeout for a user like webauth to relogin to have
access
> > > again? There is a timeout in the auth server (local)but even when the
> > > username /password is shown and im not giving the right usr/pass the
> user
> > > still has access.
> > >
> > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
> >
>
>



More information about the juniper-nsp mailing list