Authentication Schemes
Authentication is the means of verifying a user's identity; this can be in the form of a password or a
code/key. To allow for greater security, the Barracuda SSL VPN uses authentication schemes to
provide a multi-stage authentication process. This chapter details authentication schemes, their
purpose, and how to implement a scheme.
By the end of this chapter the reader should have a sound understanding of authentication schemes and
how to implement a scheme that meets their requirements.
What is an Authentication Scheme?
An authentication scheme is simply a container for any number of authentication modules, such as
OTP, Passwords, and Certificates. This approach means that multi-tiered authentication can easily be
implemented and even linked to existing authentication systems. The authentication scheme is then
used as the basis of the logon policy. The Barracuda SSL VPN allows for more than one of these
schemes to be created and used.
It is important to note that certain authentication modules can only be used by themselves; that is, they
cannot be combined with other authentication modules. The following section, titled Authentication
Modules, describes the limitations that apply to each module, if any.
When a user starts the authentication process, they first have to enter a User ID. Once the User ID is
submitted, checks are made to determine the correct authentication method to be used. This approach
allows for different authentication methods to be used for different groups of users. For example, users
attached to a Sales policy may only have to enter a User ID and password, whereas Sales Management
may be attached to a policy that uses a password and PIN authentication scheme.
The built-in authentication schemes allow those wanting to build a single-, double- or even
triple-factor process to do so with ease. All defined authentication schemes are visible on the
authentication scheme page. Each scheme is listed in order of priority.
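
A toy model of the scheme selection described above, added here as an illustration and not Barracuda SSL VPN code. It assumes the first scheme in priority order that is attached to one of the user's policies is the one used, and the standalone module name is made up. The check flags users for whom the priority order selects a scheme with fewer factors than another scheme that also applies to them.

```python
# Added illustration: a toy model, not Barracuda SSL VPN code.
from dataclasses import dataclass

# Assumption: which modules must be used alone is product-specific;
# "CLIENT_CERT_ONLY" is a made-up standalone module for this model.
STANDALONE = {"CLIENT_CERT_ONLY"}

@dataclass(frozen=True)
class Scheme:
    name: str
    modules: tuple        # authentication modules, in the order presented
    policies: frozenset   # policies the scheme is attached to

    def validate(self):
        if not self.modules:
            raise ValueError(f"{self.name}: scheme has no modules")
        if len(self.modules) > 1 and STANDALONE & set(self.modules):
            raise ValueError(f"{self.name}: standalone module combined with others")

def resolve(user_policies, schemes):
    """Return the first scheme, in priority order, attached to one of the user's policies."""
    for scheme in schemes:  # list order == priority order (assumption)
        if scheme.policies & user_policies:
            return scheme
    return None  # no scheme applies: deny logon

def downgrade_findings(users, schemes):
    """List users whose resolved scheme has fewer factors than another applicable scheme."""
    findings = []
    for user, policies in users.items():
        chosen = resolve(policies, schemes)
        applicable = [s for s in schemes if s.policies & policies]
        if chosen and any(len(s.modules) > len(chosen.modules) for s in applicable):
            findings.append((user, chosen.name))
    return findings

# Constructed sample data mirroring the Sales / Sales Management example.
PASSWORD = Scheme("Password", ("Password",), frozenset({"Sales"}))
PASSWORD_PIN = Scheme("Password+PIN", ("Password", "PIN"), frozenset({"Sales Management"}))
USERS = {
    "alice": frozenset({"Sales"}),
    "bob": frozenset({"Sales", "Sales Management"}),  # manager who is also in Sales
}

if __name__ == "__main__":
    print(downgrade_findings(USERS, [PASSWORD, PASSWORD_PIN]))  # weaker scheme ranked first
    print(downgrade_findings(USERS, [PASSWORD_PIN, PASSWORD]))  # stronger scheme ranked first
```

In this model, placing the two-factor scheme above the password-only scheme clears the finding for the user who belongs to both policies.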