Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> Overview<br />
1.6 Supported Protocols<br />
The following protocols are supported by the <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong>:<br />
PAP<br />
CHAP<br />
MS-CHAP with MPPE (Microsoft Point-to-Point Encryption)<br />
MS-CHAP2 with MPPE<br />
EAP-MD5<br />
1.7 Unsupported by <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong><br />
1.7.1 Windows 2000 Limitations<br />
These are not supported with Windows 2000:<br />
EAP-MD5<br />
Challenge/Response<br />
1.7.2 Other Unsupported Protocols<br />
These protocols are not supported by the <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong>:<br />
Other EAP types<br />
PEAP<br />
EAP-TTLS<br />
Various EAP types<br />
1.7.3 <strong>IAS</strong> Remote Access Policy Limitations<br />
Windows Server 2003<br />
Remote Access Policy Conditions may be set based the password protocol being used <strong>for</strong> an<br />
authentication request, using the Authentication-Type option.<br />
When the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> authenticates a login, the Authentication-Type is recorded within <strong>IAS</strong> as<br />
"Extension", regardless of the actual password protocol used. There<strong>for</strong>e, any Remote Access<br />
Policy Conditions limiting the password protocol being used will not work with the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
Example<br />
Authentication-Type is set to PAP, meaning that any authentication requests which<br />
do not use the PAP password protocol will be rejected. If the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> is<br />
configured to use the PAP protocol, the Authentication-Type recognised when it<br />
makes an authentication request will be 'Extension' (meaning that <strong>IAS</strong> has<br />
recognised it as an <strong>IAS</strong> extension). The request will be failed by <strong>IAS</strong> because the<br />
password protocol being used by the <strong>Plug</strong>-<strong>In</strong> was only registered as 'Extension', not<br />
as 'PAP'.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 18