13.3 Local user database: external authentication and import of accounts

If a user works at a reserved workstation (i.e. this computer is not by any other user) with a fixed IP address (static or reserved at the DHCP server), the user can use automatic login from the particular IP address. This implies that whenever a connection attempt from this IP address is detected, WinRoute assumes that the connection is performed by the particular user and it does not require authentication. The user is logged-in automatically and all functions are available as if connected against the username and password.

This implies that only one user can be automatically authenticated from a particular IP address. When a user account is being created, WinRoute automatically detects whether the specified IP address is used for automatic login or not.

Automatic login can be set for the firewall (i.e. for the WinRoute host) or/and for any other host(s) (i.e. when the user connects also from an additional workstation, such as notebooks, etc.). An IP address group can be used for specification of multiple hosts (refer to chapter 12.1).

Warning: Automatic login decreases user’s security. If an unauthorized user works on the computer for which automatic login is enabled, he/she uses the identity of the host’s user who is authenticated automatically. Therefore, automatic login should be accompanied by another security feature, such as by user login to the operating system.

IP address which will be always assigned to the VPN client of the particular user can be specified under VPN client address. Using this method, a fixed IP address can be assigned to a user when he/she connects to the local network via the Kerio VPN Client. It is pos- sible to add this IP to the list of IP addresses from which the user will be authenticated automatically.

For detailed information on the Kerio Technologies’ proprietary VPN solution, refer to chapter 21.

Editing User Account

The Edit button opens a dialog window where you can edit the parameters of the user account. This dialog window contains all of the components of the account creation guide described above, divided into tabs in one window.

13.3Local user database: external authentication and import of ac- counts

User in the local database can be authenticated either at the Active Directory domain or at the Windows NT domain (see chapter 13.2, step one). To enable these authentication methods, corresponding domains must be set in the Local User Database section on the Authentication Options tab.

195

Page 195
Image 195
Kerio Tech Firewall6 manual Editing User Account, 195