Hot!Force USer Login when Passive Authentication is on

Author
Belgarioz
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/02 03:43:06
  • Status: offline
2019/05/13 01:40:20 (permalink) 5.4
0

Force USer Login when Passive Authentication is on

Hello,
 
I have a weird question my customer asked me:
 
They have a working passive authentication via Active Directory.
They asked if it is possibile for the administrator to go to a whatever computer and force his credentials to have full access without logging out and logging in with his AD credentials.
To make myself clear, he wants to force his authentication calling some kind of captive portal or telnbet/ssh login to grant him full access.
For some reason a situation similar to the URL filter override but applied to a whole policy.
#1

5 Replies Related Threads

    xsilver_FTNT
    Expert Member
    • Total Posts : 429
    • Scores: 91
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Status: offline
    Re: Force USer Login when Passive Authentication is on 2019/05/13 02:02:35 (permalink)
    0
    Hello,
    just switching user and re-using FSSO mechanisms to update logon info for workstation, now with Admin user and respective full-access user group, isn't enough ?

    Kind Regards,
    Tomas
    #2
    Belgarioz
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/02 03:43:06
    • Status: offline
    Re: Force USer Login when Passive Authentication is on 2019/05/13 02:08:53 (permalink)
    0
    It's a solution the customer don't want sadly.
     
    He came from an old Check Point FW and he was able to telnet the firewall ip to create an active authentication to the firewall
     
    #3
    xsilver_FTNT
    Expert Member
    • Total Posts : 429
    • Scores: 91
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Status: offline
    Re: Force USer Login when Passive Authentication is on 2019/05/13 02:19:30 (permalink)
    5 (2)
    :-D well then, there are no insecure telnet or punch-card slots to read data from, in 21st century firewalls.
     
    Maybe you can use REST-API to handle that authentication, hmm ?

    Kind Regards,
    Tomas
    #4
    Belgarioz
    New Member
    • Total Posts : 11
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/02 03:43:06
    • Status: offline
    Re: Force USer Login when Passive Authentication is on 2019/05/13 02:29:45 (permalink)
    0
    I know, my initial reply to the customer was "are you asking for this in 2019???"
     
    anyway, rest api is a good solution, though, im not finding a lot of documentation about it. It seems you need to be part of developing program, so you kinda have to pay to have more informations
    #5
    ede_pfau
    Expert Member
    • Total Posts : 6019
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: Force USer Login when Passive Authentication is on 2019/05/13 06:11:19 (permalink)
    0
    punch-card slots...

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5