New user questions


TobyGroves
Hi,

I'm currently evaluating with a view to using this with our WatchGuard firewall for securing VPN access as I can't trust our users to use decent passwords.

I've installed the server and run through the configuration steps and it seems to be more or less working but there are a few things I'm unsure of or just don't understand...

1. What's the purpose of the passphrase you're asked for when first installing the client software?

2. Adding two clients and trying to assign the same username doesn't work - is it not possible for a single user to make use of multiple clients?

3. Allowing my users to register themselves will be no good as they'll all use 123456 for their PIN or something stupid like that.  Can I pre-register users and set their PIN myself?

4. I'm presuming the server should be located in a DMZ as I'm exposing it to the Internet for token access?

Thanks for any info or advice.

Regards,
Toby.
Re: New user questions

Nick Owen
Administrator


On Nov 30, 2014 5:55 AM, "TobyGroves [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
>
> Hi,
>
> I'm currently evaluating with a view to using this with our WatchGuard firewall for securing VPN access as I can't trust our users to use decent passwords.
>
> I've installed the server and run through the configuration steps and it seems to be more or less working but there are a few things I'm unsure of or just don't understand...
>
> 1. What's the purpose of the passphrase you're asked for when first installing the client software?

The token file is a p12; the passphrase just protects it. The concern is if an attacker gets the laptop, say, it would provide a minor layer of protection.
>
> 2. Adding two clients and trying to assign the same username doesn't work - is it not possible for a single user to make use of multiple clients?

You can do this via the API. Check out the example.jsp page: https://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server/installing-the-wikid-strong-authentication-server-enterprise-edition-page-5

>
> 3. Allowing my users to register themselves will be no good as they'll all use 123456 for their PIN or something stupid like that.  Can I pre-register users and set their PIN myself?

This is a tough one. If you do, then it is something you also know. It is also hard because we use asymmetric encryption and the keys are generated on the device, so the PIN choice is made after. On the plus side, WE don't know the keys!

We do not have this functionality.
>
> 4. I'm presuming the server should be located in a DMZ as I'm exposing it to the Internet for token access?

Yes. Of course the server can be NAT'd. And you can proxy the requests through Apache or whatever. Be sure to use the external IP for the domain identifier.
>
> Thanks for any info or advice.

Thanks for checking us out!
>
> Regards,
> Toby.