Allow different authentication per listener
I would like to use AD authentication for our company users, but don't want to expose those credentials to the Internet.
I would like to see an option to specify on a listener if the authentication is an AD/LDAP user or local user so that the interface we have NATTed to the internet only allows local Cerberus users and share links.
-
Hi, John.
Thanks for the feature request, our product team will take a look at this. In the meantime some other options that you may want to consider.
There are a few ways to use AD authentication for your company users without exposing those credentials to the internet.
One way is to use a proxy server. A proxy server is a server that sits between your users and the internet. It can be used to filter traffic, cache content, and provide other security features.
Another way to use AD authentication for your company users without exposing those credentials to the internet FTP server is to use a VPN. This allows your users to access resources on your network, such as your FTP server, without exposing their credentials to the internet.
Finally, one thing I'm starting to see is using a single sign-on (SSO) solution. SSO allows your users to sign in to multiple applications with a single set of credentials. This can be a good option if you have a lot of applications that your users need to access.
0 -
Hi,
Our server is behind a firewall, but we have certain accounts that need to log in from the outside to transfer data in and out of the company along with shared files sent out by our users. Specifying which interfaces that they can log in to, we can have one for internal users with SSO/AD/LDAP and one with cerberus users.
0 -
Completely understand.
It would be helpful to have the option to specify on a listener if the authentication is an AD/LDAP user or a local user. This would allow you to control who has access to your Cerberus server.
For example, you could have one listener that is only accessible to local users. This would allow you to share links with people not on your network. You could also have another listener that is only accessible to AD/LDAP users. This would allow you to control who can access your Cerberus server from the internet.
Hopefully it's something we can include in a future edition of Cerberus.
0 -
I would like to have a listener that requires SFTP+key authentication, that doesn't support SFTP+password. So that I can have one listener for password and one for public key.
0 -
Right, I made that post a year ago:
0 -
Hello Eric,
So I did spin up an enhancement request around that functionality at the time you submitted it. It's still active, I will reach out and let our team know that you're still interested. Sometimes features do take some time to get implemented, but I do appreciate you checking in on this.
0
Please sign in to leave a comment.
Comments
6 comments