Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

InterScan Web Security Suite (IWSS) Simple Authentication still uses Kerberos when sending login credentials to the LDAP server

    • Updated:
    • 5 Oct 2015
    • Product/Version:
    • InterScan Web Security Suite 3.1 Linux
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - SuSE version 10
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 8 (SunOS 5.8)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
Summary

An administrator set IWSS to use the User/group name via proxy authentication option, to identify incoming connections, and to authenticate with the LDAP server using the Simple method. However, these configurations do not work because IWSS still sends the login credentials to the LDAP server in an encrypted format.

The Simple method should not be using Kerberos, as all communications with the LDAP server should be in ClearText.

These settings can be found in the IWSS web console via HTTP > Configuration > LDAP.

Details
Public

IWSS was designed to communicate with the LDAP server in an encrypted format, regardless of whether the Simple or Advanced method is selected. This prevents users of a Packet Sniffer to see the login credentials of other users.

Trend Micro recommends using the Advanced method when authenticating with the LDAP server.

Premium
Internal
Rating:
Category:
Install
Solution Id:
1031826
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.