Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Generic Accounts (Non Interactive)

Hi All,

 

I am in the process of reviewing certain system accounts. The authentication method listed for those accounts are defined as 'Checkpoint Authentication'. However, the admin confirms that the accounts are not interractive and cannot be logged in using a password.  Is there any setting which could be used to confrim if this is the case.

 

thanks in advance.

tdfernando

 

 

 

0 Kudos
4 Replies
Highlighted
Admin
Admin

What is a non-interactive account? If the password is set, a user can use it. Some info must be missing here.

Highlighted
Participant

Hi Val. I am talking about system accounts, which are not used by the users. Trying to be comfortable that they cannot be accessed via a password. But Authentication Method- Checkpoint Authentication suggests that this is possible.

0 Kudos
Highlighted
Admin
Admin

@tdfernando still missing info. What are those accounts for? How do you use them?

My point is, if you define an account to have Check Point Authentication, you have to set up a password. If that password is known, it can be used. 

Please see all available options here: https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_SecurityManagement_AdminGuid... under "Managing user accounts"

 

0 Kudos
Highlighted
Admin
Admin

A screenshot of precisely what you’re talking about would be helpful.

In general, there are three types of users:

  • Admin users defined in SmartConsole. Other than the user created as part of the initial installation, all accounts that can be used to log in are clearly shown in SmartConsole.
  • Users used to authenticate for VPN or Identity Awareness. These typically come from Active Directory or RADIUS and may be defined as a group. You can also define “local” users that either use an external authentication mechanism. There are no “default” users here.
  • Gaia OS default users, which are used for operation/configuration of Gaia OS. The list of default accounts is here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You can create local users for Identity Awareness/VPN that use “OS Password” as the authentication type.
However, those types of users must be explicitly created and do not exist by default.