You can pass user credentials to Web servers on the secured network configured for Basic, Digest, or Integrated Windows Authentication. This feature avoids requiring users to enter their credentials multiple times to access Web resources. For example, if a team Web site in your organization is configured for Digest Authentication, you can pass the credentials with which users log on to the Access Gateway to that site. If you do not enable the URL address to support Digest Authentication, users might be required to log on to the Web site.
Note that the authentication required for a Web site is determined by the settings of the site’s host Web server.
When configuring a Web resource, you can enable its URL addresses to use one of the following methods of pass-through authentication:
Basic authentication: Credentials are passed to the Web site in plain text.
Important: Because credentials are passed in plain text, consider using SSL for Web sites that use Basic pass-through authentication.
Digest authentication: Hashed credentials are passed to the Web site using Digest Authentication.
Integrated Windows authentication: Hashed credentials are passed to the Web site using Integrated Authentication. NTLM or Kerberos authentication is used, depending on your Web server configuration.
Caution: When using any of the three pass-through authentication methods, the target Web application is first presented with the credentials with which the user logged on to the Access Gateway. Accessing Web sites that require a second, differing set of credentials through Access Gateway can result in the caching of the second set of credentials.
To specify pass-through authentication for a Web site
1. Click Start > All Programs > Citrix > Management Consoles > Access Management Console
2. In the console tree, select the Web resource and under Common Tasks, click Edit Web resource.
3. On the URL Addresses page, select the Web site’s URL and click Edit.
4. In the Authentication types supported area, select the authentication method being used by the Web site.
Disabling passthrough authentication on Citrix PNagent
Note that the authentication required for a Web site is determined by the settings of the site’s host Web server.
When configuring a Web resource, you can enable its URL addresses to use one of the following methods of pass-through authentication:
Basic authentication: Credentials are passed to the Web site in plain text.
Important: Because credentials are passed in plain text, consider using SSL for Web sites that use Basic pass-through authentication.
Digest authentication: Hashed credentials are passed to the Web site using Digest Authentication.
Integrated Windows authentication: Hashed credentials are passed to the Web site using Integrated Authentication. NTLM or Kerberos authentication is used, depending on your Web server configuration.
Caution: When using any of the three pass-through authentication methods, the target Web application is first presented with the credentials with which the user logged on to the Access Gateway. Accessing Web sites that require a second, differing set of credentials through Access Gateway can result in the caching of the second set of credentials.
To specify pass-through authentication for a Web site
1. Click Start > All Programs > Citrix > Management Consoles > Access Management Console
2. In the console tree, select the Web resource and under Common Tasks, click Edit Web resource.
3. On the URL Addresses page, select the Web site’s URL and click Edit.
4. In the Authentication types supported area, select the authentication method being used by the Web site.
Disabling passthrough authentication on Citrix PNagent
Occasionally as an administrator, you want to be able to log onto via our Citrix PNAgent with different credentials for testing. Depending on your farm setup, pass-through authentication is most likely enabled, and hence your client will be the same. To disable this on your workstation.
1. Open the registry and browse to: HKLM\System\CurrentControlSet\Control\NetworkProvider\HwOrder
2. Open ProviderOrder string, delete the entry PnSson
3. Now browse to HKLM\System\CurrentControlSet\Control\NetworkProvider\Order and delete the entry PnSson
4. Reboot
2. Open ProviderOrder string, delete the entry PnSson
3. Now browse to HKLM\System\CurrentControlSet\Control\NetworkProvider\Order and delete the entry PnSson
4. Reboot
0 comments:
Post a Comment