InterScan Web Security Suite (IWSS) Simple Authentication still uses Kerberos when sending login credentials to the LDAP server

- Updated:
- 24 Nov 2016
- Product/Version:
- InterScan Web Security Suite 3.1 Linux
- Platform:
- Linux - Red Hat RHEL 3 32-bit
- Linux - Red Hat RHEL 4 32-bit
- Linux - Red Hat RHEL 5 32-bit
- Linux - SuSE version 10
- Unix - Solaris (Sun) version 10 (SunOS 5.10)
- Unix - Solaris (Sun) version 8 (SunOS 5.8)
- Unix - Solaris (Sun) version 9 (SunOS 5.9)

Summary

An administrator set IWSS to use the User/group name via proxy authentication option, to identify incoming connections, and to authenticate with the LDAP server using the Simple method. However, these configurations do not work because IWSS still sends the login credentials to the LDAP server in an encrypted format.

The Simple method should not be using Kerberos, as all communications with the LDAP server should be in ClearText.

These settings can be found in the IWSS web console via HTTP > Configuration > LDAP.

Details

IWSS was designed to communicate with the LDAP server in an encrypted format, regardless of whether the Simple or Advanced method is selected. This prevents users of a Packet Sniffer to see the login credentials of other users.

Trend Micro recommends using the Advanced method when authenticating with the LDAP server.

Rating:

Category:

Install

Solution Id:

1031826

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.