Contact Auth Agent at Src, Dst, Third Party

When a connection is held for session auth, it can be authenticated at one of three places:
- Source: The machine that originated the connection currently being held.
- Destination: The machine that the connection is destined for.
- Third Party: A third-party machine is contacted for authentication.
Whichever machine is to be contacted, FireWall-1 contacts it on TCP port 261. Because ports below 1024 are privileged, any Session Auth agent on a Unix machine must run as root to bind it. The agent returns authentication information to the firewall, and FireWall-1 decides whether to pass the traffic based on that information.
Most of the time, you want to contact the authentication agent on the source (i.e., the originator of the connection). Destination is usually used for X Windows connections or any other application where the client-server model is reversed, so the user sits at the machine receiving the connection.
--
PhoneBoy - 30 Dec 2003
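
A troubleshooting check for the three contact options above, as an added example (not FireWall-1 code and not part of the original FAQ): it picks the machine a rule would contact and tests whether anything accepts TCP connections on port 261 there. The names `HeldConnection`, `agent_host` and `agent_reachable` and the 192.0.2.x addresses are constructed for illustration; run it from the firewall's side of the network so the path matches.

```python
import socket
from typing import NamedTuple, Optional, Tuple

SESSION_AUTH_PORT = 261  # TCP port the firewall contacts, per the FAQ


class HeldConnection(NamedTuple):
    src: str  # machine that originated the held connection
    dst: str  # machine the connection is destined for


def agent_host(conn: HeldConnection, contact: str,
               third_party: Optional[str] = None) -> str:
    """Return the machine to contact for a rule's contact setting."""
    if contact == "source":
        return conn.src
    if contact == "destination":
        return conn.dst
    if contact == "third_party":
        if not third_party:
            raise ValueError("third_party contact needs an explicit host")
        return third_party
    raise ValueError(f"unknown contact setting: {contact!r}")


def agent_reachable(host: str, port: int = SESSION_AUTH_PORT,
                    timeout: float = 3.0) -> Tuple[bool, str]:
    """TCP-connect to the agent port and classify the outcome.

    A successful connect only shows that something is listening; it does
    not prove the listener is a Session Auth agent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "listening"
    except ConnectionRefusedError:
        return False, "refused: nothing bound to the port on that host"
    except socket.timeout:
        return False, "timeout: likely filtered on the path or on the host"
    except OSError as exc:
        return False, f"error: {exc}"


if __name__ == "__main__":
    # Constructed sample: a connection originating from this machine.
    conn = HeldConnection(src="127.0.0.1", dst="192.0.2.20")
    host = agent_host(conn, "source")
    print(host, agent_reachable(host))
```

A "refused" result points at the agent not running (or not running as root on Unix), while a "timeout" points at filtering between the firewall and the agent host.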