D-Link DFL-2500 User Guide - Page 153
Authentication Components
![]() |
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 153 highlights
134 Chapter 17. User Authentication • normal users accessing the network • PPPoE/PPTP/L2TP users - using PPP authentication methods • IPsec & IKE users - the entities authentication during the IKE negotiation phases (Implemented by Pre-shared Keys or Certificates. Refer to 22.1.4 IKE Integrity & Authentication.) • IKE XAuth users - extension to IKE authentication, occurring between negotiation phase 1 and phase 2 • user groups - group of users that are subject to same regulation criterion 17.2 Authentication Components D-Link firewalls can either use a locally stored database, or a database on an external server to provide user authentication. 17.2.1 Local User Database(UserDB) The Local User Database is a built-in registry inside D-Link firewalls, containing the profiles of the legal users and user groups. Users' names and passwords can be configured into this database, and the users having same privileges can be grouped up to ease the administration. One user can be stored as a member into more than one group, any change made to the group propagates to each group member. Passwords are stored in the configuration using reversible cryptography. This is in order to be compatible with various challenge-response authentication methods such as CHAP, and so forth. When the local user database is enabled, the firewall consults its internal user profiles to authenticate the user before approving any user's request. 17.2.2 External Authentication Server In a larger network topology, it is preferable to have one central database within a dedicated server or a cluster of servers to handle all the D-Link Firewalls User's Guide
![](/manual_guide/products/dlink-dfl2500-user-guide-83bdca9/153.png)