PROXY Pro Host User Guide
×
Menu

Shared Secret Password Authentication

If the Host security is set to Windows Authentication but the Host is not in the same domain as a known PROXY Pro Gateway (i.e. a Gateway listed on the Gateways tab), Windows Authentication will fail (the Host cannot authenticate PROXY Pro Gateway account credentials if domain controller with Active Directory is not accessible).  To get around this problem without requiring any manual configuration management on the Host machine, the PROXY Pro Host and PROXY Pro Gateway are programmed to automatically establish a 16-byte secret password between each other called a ‘shared secret password’. This secret is established behind the scenes when the Host and the known PROXY Pro Gateway first communicate with each other, and is unique to each PROXY Pro Gateway/Host pair.
 
NOTE: During this initial connection, the Host implicitly trusts the PROXY Pro Gateway because it is on the known Gateways list. For stronger authentication, use SSL to confirm the identity of the PROXY Pro Gateway.
 
On all subsequent connection attempts when the Host and PROXY Pro Gateway are not in the same domain, the shared secret password will be presented and accepted for authentication (because it is known only to the Host and PROXY Pro Gateway). No configuration change is required and the Host security remains set at Windows Authentication for all other requests. This authentication method is ideal for the following situations:
 
u   Host not installed before domain ‘RemoteControlGateway’ account was created: Previously, this account had to be added manually to the Host security settings (or some other Gateway account had to be created and added to the Host security settings). As long as the PROXY Pro Gateway is on the known list of PROXY Pro Gateways on the Host’s Gateways tab, the Host will automatically add that Gateway’s service account to its security settings list with full access rights. With this autoconfiguration feature, there is no longer any need to manually add the Gateway service account or to create and configure a new Gateway user account on the Host.
u   PROXY Pro Gateway requests a connection and Host security is set to Simple Password: Previously, the Host did not ask for a password from the PROXY Pro Gateway. Now, the PROXY Pro Gateway will be asked to share a secret password with the Host, and will be required to present it to the Host for a connection request, even with Host security set to Simple Password.