Authentication methods

[khris2fer74]

So I realize that you can manage the save of passwords and forcing them to not save when using the standard password option, but you can't force it to not save when using Domain authentication.... I get that Domain auth is "more secure" but you take a layer of security off by not allowing the save of passwords for the domain auth in the same way for standard password policy... if they could be combined that would be great. I also see that the certificate authentication is suppose to be the "most secure" however..............all you have to is click connect in order to connect the vpn which is really no different than having a password saved. I don't understand why these features can't be combined to add layers of security together. Because of that....it hinders the security on each of them. So really the best option I can see so far is using the "standard password option" using strong passwords and enabling policy to not allow the password to be saved. If anyone has any ideas on this please surprise me. Thanks


Chris

[solo]

you can't force it to not save when using Domain authentication....

But you can...
.

NT Domain - When Password Authentication Fails - Dont Save Password.png

[khris2fer74]

Yes I realized that. But all the person has to do is uncheck do not save password and it will save it. I would like a way to control it from the server to force it not to save so the user has no control but to put the password in.

[solo]

Try the following:
- connect once with checked "do not save password"
- disconnect
- stop the SE service
- make vpn_client.config read-only
- start the SE service and run the manager

Passwords will not be saved in the file system but will be kept in RAM as if saved till reboot.