The Zorp Authentication Server (ZAS) can authenticate all connections passing the network gateway. Network authentication aims to authenticate every connection initiated by users, so that access to certain services is restricted to authorized personnel. In contrast with the common practice of identifying the user by the IP address of their computer, the solution provided by Zorp identifies and audits the complete network traffic at the user level. Both inband (authentication within the protocol) and outband (authentication outside the protocol) authentication are supported. The advantage of outband authentication is that it can be used with any protocol and authentication method, making it easy to implement single sign-on that is transparent to the users.
ZAS is not an authentication database, but a middleware that mediates the authentication between Zorp and an existing database that stores the user information. That way, network authentication is easy to implement and integrates smoothly with the already established infrastructure. When a client tries to access a service that requires authentication (i.e. initiates a new connection), the Zorp firewall forwards the authentication data (e.g. username, password, etc.) to the user database via ZAS. Access to the service is granted only if the authentication is successful.
The Zorp Authentication Agent application and the Kerberos protocol together provide an effective single sign-on solution where the user has to authenticate only once; the system automatically handles all later authentications. A further advantage of outband authentication is that it enables the use of strong authentication methods (e.g. hardware token) with protocols that support only weak methods (e.g. username/password).
Zorp's dynamic decisions make it possible to assign connections of different quality to users or user groups. For example, the bandwidth and other parameters of the connection can be modified based on the result of authentication, the client application used, the address of the target server, etc.