ztamas
Level 9

SFTP domain based authentication

Hi,

Could someone tell me whether it is possible to authenticate SFTP traffic based on NTLM or Kerberos through a SOCKS proxy?
I tried to connect and authenticate through the SOCKS proxy with WinSCP, but it is not working.
I've found an option in the Kerberos authentication settings (SOCKS Kerberos specific parameters) but I don't know what it means. There is no information in the documentation about it.

Screen_02 Oct. 18 10.28.jpg

Thanks,
Zoltan

1 Solution

Accepted Solutions
bwallace1
Level 9

Re: SFTP domain based authentication

Hi Zoltan -

As long as you are using SOCKS v5 this is possible.

  • NTLM, LDAP, etc., will work, but note that NTLM needs to have “allow basic” enabled.
  • Kerberos auth (GSS API) requires updating the keytab file to include a SPN for the RCMD service:

      

Follow the Kerberos setup guide in the community: https://community.mcafee.com/docs/DOC-2682

It is best to have a rule set specifically for SOCKS traffic, so it is isolated from normal traffic. Within this rule set is where authentication would occur. Attached is a template for SOCKS which uses NTLM authentication.
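
For reference, the SOCKS v5 negotiation the answer above relies on (RFC 1928 method selection and the RFC 1929 username/password sub-negotiation), as an added example that is not part of the original post or of the attached rule set. The sample bytes and credentials are constructed, and that the gateway's "basic" option corresponds to the RFC 1929 exchange is an assumption.

```python
# Added example: SOCKS5 auth negotiation as seen by a proxy (RFC 1928 / RFC 1929).
GSSAPI, USERPASS, NO_ACCEPTABLE = 0x01, 0x02, 0xFF

def parse_greeting(data: bytes) -> list[int]:
    """Client greeting: VER(0x05) | NMETHODS | METHODS[NMETHODS]."""
    if len(data) < 2:
        raise ValueError("truncated greeting")
    if data[0] != 0x05:
        # SOCKS4 requests start with 0x04 and have no method negotiation.
        raise ValueError(f"not SOCKS5 (version byte 0x{data[0]:02x})")
    nmethods = data[1]
    methods = data[2:]
    if nmethods == 0 or len(methods) != nmethods:
        raise ValueError("method count does not match payload")
    return list(methods)

def method_reply(greeting: bytes, allowed: tuple[int, ...]) -> bytes:
    """Proxy reply VER | METHOD: first allowed method the client offered, else 0xFF."""
    offered = parse_greeting(greeting)
    chosen = next((m for m in allowed if m in offered), NO_ACCEPTABLE)
    return bytes([0x05, chosen])

def parse_userpass(data: bytes) -> tuple[str, str]:
    """RFC 1929 request: VER(0x01) | ULEN | UNAME | PLEN | PASSWD, all in cleartext."""
    if len(data) < 5 or data[0] != 0x01:
        raise ValueError("not an RFC 1929 request")
    ulen = data[1]
    if ulen == 0 or len(data) < 3 + ulen:
        raise ValueError("bad username length")
    plen = data[2 + ulen]
    if plen == 0 or len(data) != 3 + ulen + plen:
        raise ValueError("bad password length")
    uname = data[2:2 + ulen].decode("utf-8")
    passwd = data[3 + ulen:].decode("utf-8")
    return uname, passwd

# Constructed sample messages (not captured traffic).
SAMPLE_GREETING = bytes([0x05, 0x02, GSSAPI, USERPASS])
_user, _pw = b"EXAMPLE\\ztest", b"constructed-pw"
SAMPLE_AUTH = bytes([0x01, len(_user)]) + _user + bytes([len(_pw)]) + _pw

if __name__ == "__main__":
    print(method_reply(SAMPLE_GREETING, allowed=(USERPASS,)).hex())
    print(parse_userpass(SAMPLE_AUTH)[0])
```

The RFC 1929 exchange carries the username and password unencrypted between client and proxy, so that leg should stay on a trusted network segment.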

4 Replies
akill
Level 9

Re: SFTP domain based authentication

I hope that in the future McAfee can support SFTP or FTPS natively.

0 Kudos
ztamas
Level 9

Re: SFTP domain based authentication

Hi Bwallace1,

Thanks for your help! The basic authentication is working perfectly.

Could you tell me what the RCMD service is?

Thanks!

Regards,

Zoltan

0 Kudos
jdepriest
Level 7

Re: SFTP domain based authentication

Thank you for the wonderful example rule set.

It is much more thorough than what I came up with and provides a lot of tuning opportunities.

-Jasey

0 Kudos