cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

MFE 8.3.x Active Passport with multi Authenticators

Hi Community,


I have McAfee Firewall Enterprise 8.3.1 (or 8.3.2).

I use Active Passport with iPlanet (LDAP).
Users before HTTP access, have to put iPlanet credentials in pop-up window in Web Browser.
After this, they have to HTTP access for some time.
This is working OK.


Now I've added another Authenticator (for example Active Directory - based on LDAP not MLC) and want to use both of them simultanously for Active Passport.
I've choose "Default authenticator" on Passport page. (see attached screen-shoot)


2014-09-09_17h13_34.png




I've tried to auth users from both authenticators, but works only with those choosen as "Default authenticator".


Question: Can I use both Passport Authenticators simultanously?


I've found on help page below info:

"Other authenticators selected in the Authenticators to establish Passport credentials list can be used to authenticate a connection and acquire an Active Passport."


Please answer how to config Active Passport with more than one Active Authenticator.


Best regards
Krzysztof Anzorge

1 Reply
sliedl
Level 14
Report Inappropriate Content
Message 2 of 2

Re: MFE 8.3.x Active Passport with multi Authenticators

This is from page 103 of the 8.3.2 Product Guide.  I knew how to find it by searching for the word 'switch', since I've had to send this to other customers as well:

Switching authentication methods during a logon session

The firewall allows you to use multiple authentication methods for a given access control rule (for

example, users might use RADIUS or Password for Telnet authentication). When logging on, a user can

change to another authentication method by typing :authenticator after the user name.

That's the name of the authenticator you created (not the word 'authenticator').  So for you a user could type 'swadmin:testowa' as their username and then enter the password for the testowa authenticator instead of the password for the default one, ADMOJE.

I'll paste this into the SR you just filed also and you can let them know that this works so we can then close out your SR.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator