 | ||
 S/Key Support is deprecated in NG AI (R54) and above | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2005-08-13 | |||
| |||
 S/Key Support is deprecated in NG AI (R54) and above S/Key Support is deprecated in NG AI (R54) and above S/Key is deprecated as of NGAI (R54), that is correct. The major reasons are: Not too many people use it anymore. S/Key doesn't lend itself to use in a High-Availability configuration since each chain is tied to a specific host. A couple of suggestions include: Use a commercial-grade one-time password system like SecurID. Configure a RADIUS server on some Unix box to provide authentication via S/Key. I have no idea if this is possible or not, but it seems reasonable. Due to the limitations of S/Key, it won't be possible to make this RADIUS server highly-available without reusing one-time passwords in some way. -- PhoneBoy - 30 Dec 2003 -- RayLodato - 15 Jan 2004 FAQForm FAQs.Class: AuthenticationFAQs FAQs.OS: FAQs.Version: NG AI  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
