https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168324#M30448 <P>I know, my identity agents use kerberos for users and machines. But terminal agent on windows servers use for users (trust). My question: Its possible to change authentification for users or why terminal agent use trust instead of kerberos ? Both agent have same configuration on GW.</P> Thu, 19 Jan 2023 09:23:54 GMT vonsakfilip 2023-01-19T09:23:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168312#M30446 <P>Hi,</P><P>Its possible to configure kerberos authentification for users on terminal agent MUHv2 ? Machine authetification works but users use authentification trust. Thanks.</P> Thu, 19 Jan 2023 08:38:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168312#M30446 vonsakfilip 2023-01-19T08:38:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168315#M30447 <P>According to&nbsp;<SPAN>sk66761, kerberos is one of the option. For more info, look into the documentation:&nbsp;<A href="https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Search.htm?q=kerberos" target="_blank">https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Search.htm?q=kerberos</A></SPAN></P> Thu, 19 Jan 2023 08:49:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168315#M30447 _Val_ 2023-01-19T08:49:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168324#M30448 <P>I know, my identity agents use kerberos for users and machines. But terminal agent on windows servers use for users (trust). My question: Its possible to change authentification for users or why terminal agent use trust instead of kerberos ? Both agent have same configuration on GW.</P> Thu, 19 Jan 2023 09:23:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168324#M30448 vonsakfilip 2023-01-19T09:23:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168331#M30449 <P><SPAN>sk164998:&nbsp;</SPAN></P> <H4><A class="checkpoint_toggle" target="_blank">The Endpoint Identity Agent does not require a "Shared Secret". Why is this required for the TS Identity Agent?</A></H4> <DIV id="Q128"> <BLOCKQUOTE>The Endpoint Identity Agent authenticates to the Identity Server either with a username and password or via a Kerberos Ticket. For the TS Identity Agent, the authentication of users is not issued the same way, and thus for the Identity Server to trust the other end, a shared secret is used. This is to remove the possibility that a user may use this ability to claim that he is running a Terminal Server and indicate a false user. <P class="1674126020908">&nbsp;</P> </BLOCKQUOTE> </DIV> Thu, 19 Jan 2023 11:00:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168331#M30449 _Val_ 2023-01-19T11:00:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168337#M30450 <P>Thanks</P> Thu, 19 Jan 2023 11:30:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/User-kerberos-athentification-for-MUHv2-agent/m-p/168337#M30450 vonsakfilip 2023-01-19T11:30:51Z