We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

Why do I sometimes get prompted for my password on my Barracuda SSL VPN?

  • Type: Knowledgebase
  • Date changed: 8 years ago
Solution #00003805

Scope:
This solution applies to Barracuda SSL VPNs, all firmware versions.

Answer:

When logging into SSL VPN you may sometimes get prompted for your password, even though you selected an authentication scheme that does not contain the Password module.

SSL VPN allows the storage of confidential attributes. These attributes are stored securely on the server by encrypting them with a public/private key pair. In order to protect this data the private key must be encrypted using a suitable pass phrase.

The default behavior of SSL VPN is to encrypt this private key using the user’s SSL VPN password. When logging in using an Authentication Scheme that uses the password module, these attributes automatically get decrypted for the user. However, if the user logs on using a scheme which does not use password, such as Client Certificates, then when logging in for the first time after a restart of the server the user will be prompted to enter their password so that the server can decrypt the key and gain access to the confidential attributes. The user will also be prompted to enter their old password if the password changes outside of SSL VPN, for example in an Active Directory environment.

You can change this behavior using the options under Access Control > Security Settings in the Confidential Attributes section. If Confidential Mode is set to Prompt, the user will be required to enter a unique pass phrase independent of their password, if set to Disabled the user will not be prompted and confidential attributes will not be encrypted.


Link to This Page:
https://campus.barracuda.com/solution/50160000000HUjBAAW