Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentDIRECTORY SERVER 2.0 - GATEWAY
12345678910
User authentication
Authentication is the process of verifying a user via a username and password. User
authentication may be configured on Websense Content Gateway or in TRITON -
Web Security.
Content Gateway authentication
The proxy can be configured for transparent user authentication with NTLM, in
which case users are not prompted for credentials, or for explicit (or manual)
authentication, in which case users are required to enter a username and password for
network access.
In the manual authentication process, Content Gateway prompts a user for proxy login
credentials when that user requests Internet content. After the user enters those
credentials, the proxy sends them to a directory server, which validates the data. If the
directory server accepts the users credentials, the proxy delivers the requested
content. Otherwise, by default the users request is denied. If enabled, a proxy Fail
Open option allows a user request to proceed after authentication failure and be
subject to IP-based filtering. See Websense Content Gateway Online Help for more
information about the Fail Open option.
The issue of proxy authentication is important in a deployment in which multiple
proxies are chained. Authentication by the proxy closest to the client is preferred, but
may not be possible given a particular network’s configuration. Other issues include
whether Content Gateway is chained with a third-party proxy and which proxy is
designated to perform authentication. See In a proxy chain for more information.
Websense Content Gateway supports the following proxy authentication methods:
NTLM (Windows NT® LAN Manager)
LDAP (Lightweight Directory Access Protocol)
RADIUS (Remote Authentication Dial-In User Service)
Content Gateway supports both transparent and explicit authentication for Windows®
NTLM authentication. LDAP and RADIUS support explicit authentication.
Support for multiple authentication realms is available for NTLM and LDAP
authentication. An authentication realm consists of a set of clients, identified by client
IP range or User-Agent, that must authenticate with a specific set of authentication
Note
Not all Web browsers support both transparent and explicit
authentication modes in Websense Content Gateway. See
Websense Content Gateway Online Help, in the chapter
titled Security, for specific browser limitations.