[vpn] authentication with vpn
dgillett at deepforest.org
dgillett at deepforest.org
Tue Jan 1 21:42:05 EST 2002
On 1 Jan 2002, at 21:56, jean-philippe.planquart at wanad wrote:
> I want to deploy vpn service for home users to access to intranet
> network.
>
> Users will first connect through an ISP service, and then to an
> authentication server to access to my intranet. With this
> solution, users must authenticate twice :
> - first to the ISP to authorize access to Internet
> - Second, to the authentication Gateway to authorize access to the
> Intranet.
>
> Then, after authentication, we build vpn between home user and the
> Gateway. With this solution, people have to learn 2 passwords (
> for ISP and for my Gateway ). Has any body a solution to enter only
> one password ?
The two different authentications are to obtain access to resources
that are part of two different security domains. Combining them,
even if feasible, would be unwise.
As far as I can see, you have two choices:
1. Accept *anyone* connecting via that ISP, even if they're not one
of your users.
2. BECOME your own ISP -- run your own modem banks, with POPs in
major cities to save on long distance phone charges.... Wait, wasn't
the point of providing a VPN to get OUT of this business?
On the other hand, users may be able to save their ISP password, so
although their machine must authenticate multiple times, not all
require the *user* to authenticate. So the current situation need
not be unaccptably tedious.
Dave Gillett
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list