Skipping ADEP Authentication

Similar Messages

• 10g - disconnected analytics, skip authentication when synchronization

  hi, experts,
  is it possible to skip the authentication when synchronizing the data on the client (no need to click the "Get Server Info" button)?

  if the username is not Administrator on "Get Server Info"
  this error prompts
  80011 Error in accessing the disconnected application definition (.dad) file on the remote server
  Cause. Unable to download the Disconnected Application Definition file
  Response. Contact your system administrator for more details
  (http://download.oracle.com/otndocs/products/bi/bi-ee/docs/784/AnyMsg.pdf)

• How to redirect to j_security_check without the form based authentication

  Hi,
  I am trying to integrate my application authentication to a backend system with the ibm websphere form based authentication. Below is the scenario:
  1. when the user clicks on a protected url, the container will redirect the user to the login page.
  2. instead of displaying the login page, i would like to automatically redirect the user to j_security_check action. which means that instead of displaying the login.jsp page, the user will automatically be redirected to j_security_check to perform some user authentication, and if successful, the application pages will be displayed.
  The reason i want to auto redirect the user to j_security_check is because i am implementing some integration work with a backend system. the user will key in the username/password from another system. once the user is authenticated, the user information will be passed to my system. The login page of my system will not be displayed again, and by using the username value, my system will assume that the user has successfully been authenticated (authentication done by the backend system), and therefore automatically gain authorization to login into my application.
  i hope that clarifies my problem.
  anyone out there has any solution to my problem?
  thanks a lot in advance.

  Hi Darren,
  Let me explain the whole authentication environment.
  There are actually 2 systems in this environment. Let;s call it system A and system B.
  System B is actually using the authentication mechanism that i described in my previous message.
  A login page will be presented to the user (within system A). User credential is collected and passed to system A to be authenticated. System A will use its own mechanism to authenticate the user.
  Once the user is authenticated, system A will pass the user ID to system B. At this point, system B will assume that the user is authenticated and grant authorization to access the application. (system B global security is enabled and implements the form based authentication mechanism) Therefore, at this point, the redirect page (so called login page) will not be displayed to the user, instead it will be automatically redirected to the j_security_check action to execute the customer Ldap Registry class. (ps : eventhough authentication is no longer needed, the flow will still go to Ldap Registry class. A check is done in the Ldap Registry class to skip the authentication, if it is not boot strap login. Only first and only time authentication is done for boot strap login).
  In the case a protected url is clicked or invoked by the user directly, the application will redirect the user to the initial login of system A. Otherwise (the url link originates from system A, during the passing of user token to system B), system B will redirect to j_security_check and execute the customer Ldap Registry class.
  Based on the above explained scenario, in your opinion, is there any security loopholes? consider that system B no longer perform authentication but only to grant authorization to the user.
  Appreciate your advice. Thanks in advance
  Anyway, i am using the ibm websphere server. :)

• Authentication failed in rest service

  Hi All,
       I have created a small process in workbench, when i am trying to access it through url. It is asking me for the user name and password. So i entered my default user name and password  (administrator/password), but authentication is failed.
  So i am wondring which username and password i have to use.
  I am using workbench ES3

  Supply same login credentials what used to login to workbench/adminui, it should work. Also you can skip the authentication step by follwing the below steps on adminui after login: (These ateps on LiveCycle ES2)
  1. Browse to the service (Home > Services > Applications and Services > Service Management) and select the service/process
  2. Go the security TAB and select "NO" to "Require callers to authenticate:" also select "Run As:" to "System" then save.
  3. Try the url, it should skip the authentication step.

• BADI authentication check

  You can't create a class that inherites from CL_HRPAD00AUTH_CHECK_STD, because this class is already final.
  It should be another way to implement a BADI that checks authentication without skipping system authentication.
  Any ideas?

  Created as a seperate post from Badi - it is better to ask your own question than to respond to an old one.
  matt

• Sorry, something went wrong - Open Office File from Search Results Page with Office Web Apps

  Hi,
  I'm getting "Sorry, something went wrong" error when I'm trying to open any office document from inside Search Results Page with Office Web Apps, the same error is appearing in the document preview as well.
  The error in SharePoint logs says that the file cannot be found.
  Please note that this error is coming only when the "Filename" of the document is not written in English (in my case its written with Arabic characters).
  If I try to open it from the document library, its opening properly with no errors.
  The only difference between two URLs (document URL in Search Results and in Document Library) is the value for "sourcedoc" attribute;
  In the case of Search Results page, the filename in "sourcedoc" attribute is kept as is with Arabic characters.
  While in the Document Library, the filename in "sourcedoc" attribute is converted into different characters (something like: "B9%D9%85%D9%8").
  Anybody have an idea on how to overcome this issue, implement a workaround or modify the "sourcedoc" behavior?
  Thanks in Advance.
  Hamza AlSughier

  Dear Wendy,
  Thanks for your efforts, I already tried your last suggestion before, but this didn't solve my problem.
  Actually my end users are accessing this portal using ADFS and HTTPS.
  Finally I got this solved, I have done below to get my overall solution working perfectly:
  - First I have configured Windows Authentication and ADFS Authentication on the same zone which is the default zone.
  - The issue when opening office documents with Arabic file name has disappeared as a result of first change.
  - Then I have faced an issue where we are not able to crawl content under Default zone, however we have to do so, after too many efforts, I found that its related to the Load-balancer/proxy, I have made the crawler server
  to crawl himself (http://CrawlServerName:PortNumber).
  - Also a change on Alternate Access Mapping was needed, I have set one of the extended zones (which is running Windows Authentication only) as Internal URL for the Default Zone, and this is was the URL I used for Crawling.
  I have configured Server Name Mappings to make sure we got proper URLs in Search Results.
  - Then we faced another issue, which is Authentication selection on login page (How to bypass this page, and authenticate using ADFS auto), I used this solution (Set Custom Sign In Page):
  http://0ut0ftheb0x.wordpress.com/2014/01/04/skip-the-authentication-selection-page-at-_logindefault-aspx-in-a-mixed-authentication-environment/.
  - I faced one more issue as a result of above workaround; Sign Out functionality wasn't working well; users get logged in automatically whenever I click on Sign Out. I solved this by modifying the "Sign Out" Control under _layouts;
  I made it to redirect users to ADFS Sign Out Page instead of SharePoint Sign Out Page (I know its not recommended, but I don't have any other option).
  Hamza AlSughier

• Cisco ISE 1.1.1 External RADIUS Proxy

  Hello,
  I am looking to port legacy ACS 4.2 "proxy distribution tables" to ISE 1.1.1 and I am currently a little at a loss where to start.   I know I have to add the External RADIUS Server, Configure a RADIUS Server Sequence that will skip local authentications then send to the External RADIUS server.  How do I match this authentication and how do I match it to an authorization rule?   Is this the Network Access:Use Case equals proxy?   There is no documentation on this, so any insights are greatly appreciated.

  Thank you,
  I duplicated the Dot1x Authentication Rule, and changed allowed protocols to "RADIUS Server Sequence : MySequence"
  In the RADIUS Server Sequence under the advanced tab I have it set to "Continue to Authorization Policy'.
  Which Authorization rule would match?
  Network Access:RADIUS Server Sequence EQUAL MySequence
  OR
  Network Access:UseCase EQUALS Proxy
  OR
  None of the above?
  Thanks

• Why do I have to logon each time when opening a office Document from a SharePoint 2010 Library

  Hello guys,
  I'm facing some design issue with sharepoint 2010 and Microsoft office, hope you can help me to fix this.
  Why do I have to logon each time when opening a office Document from a SharePoint Library when I'm already authenticated via the browser?
  Please help me to skip this authentication when i try to open office documents from sharepoint library.
  Thanks
  Jeyaraman S

  Hi Jeyaraman, in addition to Alex's solution, check the following browser settings:
  Make sure “Enable protected mode” in security tab & “Require server verification” in “sites” area are unchecked. In “Custom level,” choose “Automatic logon” way at the bottom.
  cameron rautmann

• Advanced Analysis MS Office: Not able to authenticate

  Hi All,
  I am using BO 4.0 Analysis, Edition MS Office for reporting. We have version 1.1 installed on the client machine. When I try to launch Analysis Excel on my system, it brings up the BOBJ authentication screen. Even after giving all the details, the OK option is greyed out.
  If I select Skip (BOBJ authentication), it brings up the BW system and from here I can work without any problem. Its only the first step where the OK option is greyed out and not able to do anything except to skip that option.
  Has anyone come across this issue ? I don't think it is a problem with the version of Business Objects as we are on the latest version.
  Please help !
  Thanks,
  Prasad

  Hi Daniel,
  The Analysis Office BIP Add-On is quite new. It was recently released with AO 1.4 SP4, so there are some "missing functionalities" that are already on the backlog for future releases. As a workaround, you can use the CMC's Instance Manager to check the executed jobs.
  You can refer to the chapter 10 of the "User Guide for AO" for more information and details regarding the scheduling functionality. You can download the User Guide by visiting the link below:
  http://help.sap.com/businessobject/product_guides/AMS14/en/14SP6_aaoffice_user_en.pdf
  Regards,
  Filipe

• Webservice-(Proxy to Soap)

  Hi All,
  I am having a requirement of  Proxy to Soap synchronous scenario.
  In that Client has given three webservices to connect 3rd party systems.
  1.Authentication information (seperate)
  2. Request
  3. Response
  I skipped the first webservice , as we can use the authentication option in communication channel.
  Please let me know, any further settings has to done in client side or in PI side for skipping  this authentication webservice.
  Thanks,
  Karthikeyan.

  authentication can always be provided in the SOAP CC.
  So you should be fine.
  Additional Reference - /people/shabarish.vijayakumar/blog/2008/01/08/troubleshooting--rfc-and-soap-scenarios-updated-on-20042009

• Calling Webservice in Portlet

  Hi,
  Kindly let me know if we can call a webservice in a portlet and if yes, how???

  In general, yes, of course. How? Like from any other java code!
  The thing can become trickier, if you want to use some environmental variables (e.g. skip the authentication, call a webservice of a portal where the portlet runs, etc.)
  You should be more specific.

• Logout fails Authorization Scheme

  I'm using the following logout url on the authentication scheme:
  wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
  On page 12 the authorization scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
  Page 12 fails on authentication. I get Access denied by Application security check and the error message for the authentication scheme.
  I know it's happening because the authentication scheme is using a query to verify the user exists in a table:
  Exists SQL Query
  select 1
  from Personnel
  where upper(USERid) = :APP_USER
  :APP_USER is now empty because they logged out.
  My question is how can I get the application to skip the authentication scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
  Thanks, Elizabeth

  Sorry about that. I tried to write it from memory.
  I'm using the following logout url on the Authentication Scheme:
  wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=140:12
  On page 12 the Authorization Scheme is - No Page Authorization Required - and the Authentication is 'Page is Public'.
  Page 12 fails on authorization. I get Access denied by Application security check and the error message for the Authorization Scheme.
  I know it's happening because the Authorization Scheme is using a query to verify the user exists in a table:
  Exists SQL Query
  select 1
  from Personnel
  where upper(USERid) = :APP_USER
  :APP_USER is now empty because they logged out.
  My question is how can I get the application to skip the Authorization Scheme? I thought when I picked, 'no page authorization required' and 'page is public' the application no longer checks the authentication and authorization.
  Thanks, Elizabeth

• LDAP Authenticaation for CUP

  Hi Experts ,
  I would like to know more about different User Authentication sources that could be  in CUP.
  Is it possible to skip the authentications like LDAP / UME / SAP provided by CUP & configure ESO authentication..
  Regards,
  Shailesh
  Edited by: Shailesh Deshpande on Jan 13, 2009 1:32 PM
  Edited by: Shailesh Deshpande on Jan 14, 2009 6:42 AM

  Hi Shailesh,
     What do you want to know about User Authentication sources? Can you be more specific?
  The authentication shceme in CUP is only being used for End Users (Requesters). You can use SAP R/3, UME, HR, LDAP etc to authenticate users.
  I am sorry but I don't know about ESO authentication. CUP supports only some of the authentication schemes out of the box but you can use other authentication schemes via UME.
  Set up UME to talk to other authentication schemes (BASIS person should be able to do this) and set up UME as authentication scheme in CUP.
  Regards,
  Alpesh

• Subscriber Message Import Cobras

  Im having an issue with a few accounts.  I have about 800-900 accounts to import.  Everything is going fine, but a few are failing on message imports.  Im not sure if its because im doing too many at once or what.   I can select 3 for testing and they import their voicemails fine.  But then it will pop a message with 5 retries, check antivirus, or smtp configs on the CUC server.   I know SMTP is working because I can telnet to port 25 from the COBRAS workstation to CUC and get the telnet responses.  I can import a few accounts messages, no issues.   Is there some sort of bug with this on the number of ussers at once?  Or should I be doing these in batches of uses for messages?
  Thanks!

  Thanks Jeff for the response.  Here is a snipit from the log:
  Messages
                    (error) failure returned from IMAP library=ChilkatLog:   SendEmail:     DllDate: Sep  8 2009     UnlockPrefix: CISCOMAILQ     Username: unitymsgstoresvc     Component: ActiveX     Recipients:       NumTo: 1       To: [email protected]       NumCC: 0       NumBCC: 0     Need new SMTP connection     No SMTP login provided.     No SMTP password provided.     Skipping SMTP authentication because no login/password provided.     SMTP_Connect:       Connecting to SMTP server 192.168.35.32:25       smtp_host: 192.168.35.32       smtp_port: 25       smtp_user: NULL       auth-method: NONE       InitialResponse: 220 IMCUNITYCON1 UnityMailer (ver 1.0); Mon Jan 03 14:34:45 PST 2011       sendingHello: EHLO IMCUNITY0.company123.com       helloResponse: 250-IMCUNITYCON1:8025 Hello 192.168.35.22 [192.168.35.22] 250-SIZE 10000000 250-PIPELINING 250-AUTH LOGIN 250 HELP       smtpAuthMethod: NONE       login_method: NONE or already authenticated       CONNECTED to ESMTP server 192.168.35.32:25       ConnectionType: Unencrypted TCP/IP     subject: Message from an unidentified caller (6263800194)     reversePath: unityconnection     recipients:       to: [email protected]     email_size: 30729     socket is not ready for writing     idleTimeoutMs: 30000     Socket send idle timeout     Failed when sending end-of-body     CommandSent: 0     GotResponseCode: -1     TimedOut: 0     Aborted: 0     NumSuccess: 0     NumTotal: 1     Send failed.   354
                    (error) failure sending email message via SMTP for message with subject=Message from an unidentified caller (4029820710) in SendMessageToServer_Unity.
                    (error) failure returned from IMAP library=ChilkatLog:   SendEmail:     DllDate: Sep  8 2009     UnlockPrefix: CISCOMAILQ     Username: unitymsgstoresvc     Component: ActiveX     Recipients:       NumTo: 1       To: [email protected]       NumCC: 0       NumBCC: 0     Need new SMTP connection     No SMTP login provided.     No SMTP password provided.     Skipping SMTP authentication because no login/password provided.     SMTP_Connect:       Connecting to SMTP server 192.168.35.32:25       smtp_host: 192.168.35.32       smtp_port: 25       smtp_user: NULL       auth-method: NONE       InitialResponse: 220 IMCUNITYCON1 UnityMailer (ver 1.0); Mon Jan 03 14:33:44 PST 2011       sendingHello: EHLO IMCUNITY0.company123.com       helloResponse: 250-IMCUNITYCON1:8025 Hello 192.168.35.22 [192.168.35.22] 250-SIZE 10000000 250-PIPELINING 250-AUTH LOGIN 250 HELP       smtpAuthMethod: NONE       login_method: NONE or already authenticated       CONNECTED to ESMTP server 192.168.35.32:25       ConnectionType: Unencrypted TCP/IP     subject: Message from an unidentified caller (4029820710)     reversePath: unityconnection     recipients:       to: [email protected]     email_size: 49579     socket is not ready for writing     idleTimeoutMs: 30000     Socket send idle timeout     Failed when sending email body     220 IMCUNITYCON1 UnityMailer (ver 1.0); Mon Jan 03 14:33:44 PST 2011 250-IMCUNITYCON1:8025 Hello 192.168.35.22 [192.168.35.22] 250-SIZE 10000000 250-PIPELINING 250-AUTH LOGIN 250 HELP MAIL FROM: 250 2.1.0 . Sender ok RCPT TO: 250 2.1.5 . Recipient ok DATA 354 Enter mail, end with . Content-Transfer-Encoding: base64 X-CiscoUnity-Status: NEW Importance: Normal Sensitivity: None X-CiscoUnity-CallerANI: 4029820710 X-CiscoUnity-MessageType: Voice Date: 10 Sep 2009 00:08:20.0000 UT Content-Type: audio/x-wav;name="VoiceMessage.wav" Subject: Message from an unidentified caller (4029820710) To: "Nadene Martin"  From: unityconnection Message-ID: <[email protected]> UklGRtqLAABXQVZFZm10IBIAAAAHAAEAQB8AAEAfAAABAAgAAABmYWN0BAAAAKiLAABkYXRh qIsAAP////////9+//////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////9+//////////////////////////////////////// ////////////////////////////////////fv////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// ////////////fv////////////////////////////////////////////////////////// ////////////////////////fv////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// ////////////////////////////fv////////////////////////////////////////// /////////// ...     NumSuccess: 0     NumTotal: 1     Send failed.   0
                    (error) failure sending email message via SMTP for message with subject=Message from an unidentified caller (6262738288) in SendMessageToServer_Unity.
                    (error) failure sending email message via SMTP for message with subject=Message from an unidentified caller (6263800194) in SendMessageToServer_Unity.
                    (error) failure returned from IMAP library=ChilkatLog:   SendEmail:     DllDate: Sep  8 2009     UnlockPrefix: CISCOMAILQ     Username: unitymsgstoresvc     Component: ActiveX     Recipients:       NumTo: 1       To: [email protected]       NumCC: 0       NumBCC: 0     Need new SMTP connection     No SMTP login provided.     No SMTP password provided.     Skipping SMTP authentication because no login/password provided.     SMTP_Connect:       Connecting to SMTP server 192.168.35.32:25       smtp_host: 192.168.35.32       smtp_port: 25       smtp_user: NULL       auth-method: NONE       InitialResponse: 220 IMCUNITYCON1 UnityMailer (ver 1.0); Mon Jan 03 14:34:15 PST 2011       sendingHello: EHLO IMCUNITY0.company123.com       helloResponse: 250-IMCUNITYCON1:8025 Hello 192.168.35.22 [192.168.35.22] 250-SIZE 10000000 250-PIPELINING 250-AUTH LOGIN 250 HELP       smtpAuthMethod: NONE       login_method: NONE or already authenticated       CONNECTED to ESMTP server 192.168.35.32:25       ConnectionType: Unencrypted TCP/IP     subject: Message from an unidentified caller (6262738288)     reversePath: unityconnection     recipients:       to: [email protected]     email_size: 44601     socket is not ready for writing     idleTimeoutMs: 30000     Socket send idle timeout     Failed when sending email body     220 IMCUNITYCON1 UnityMailer (ver 1.0); Mon Jan 03 14:34:15 PST 2011 250-IMCUNITYCON1:8025 Hello 192.168.35.22 [192.168.35.22] 250-SIZE 10000000 250-PIPELINING 250-AUTH LOGIN 250 HELP MAIL FROM: 250 2.1.0 . Sender ok RCPT TO: 250 2.1.5 . Recipient ok DATA 354 Enter mail, end with . Content-Transfer-Encoding: base64 X-CiscoUnity-Status: NEW Importance: Normal Sensitivity: None X-CiscoUnity-CallerANI: 6262738288 X-CiscoUnity-MessageType: Voice Date: 08 Sep 2009 23:31:08.0000 UT Content-Type: audio/x-wav;name="VoiceMessage.wav" Subject: Message from an unidentified caller (6262738288) To: "Nadene Martin"  From: unityconnection Message-ID: <[email protected]> UklGRqp9AABXQVZFZm10IBIAAAAHAAEAQB8AAEAfAAABAAgAAABmYWN0BAAAAHh9AABkYXRh eH0AAP////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////9+fn7//////////////////////////////////35+//////////////////////// ////////fv////////////////////////////////////////////////////////////// //////////////////7///////////////9+fn5+fn5+fv///35+/n5+/v7+/v////////// //////////////////////////////////////////////////////////9+fn7///////// //////////////////////////9+fv//fn7/////////////////////////////fn5+fn5+ /////////// ...     NumSuccess: 0     NumTotal: 1     Send failed.   0
  Rachel Lewman
                    (warning) WAVFileUpload command to copy stream file to server timed out in RestoreWAVFileStream.  Retries exceeded, skipping file upload.  StreamId=6d69b3d1-a81e-421b-a1f5-86eb6279bdba.wav

• Proxy.cfg skipAuthForViaHeader parameter

  TID 3988333 says:
  skipAuthForViaHeader=1 (0 to disable)(Default=0)
  // Authentication to proxy bypassed when coming through another proxy.This setting must be configured in the proxy.cfg file to enable proxy to skip the authentication when the request is coming through another proxy.By default, proxy will request for authentication.
  This means to me that if I don't want authentication skipped if the NBM proxy is accessed by another proxy, then I would want this set to 0.
  Craig, in his Proxy.cfg says:
  ; New parameter from BM3.9SP1
  ; =1 prevents authentication from being bypassed when proxy accessed
  ; from another proxy. (Schools, take note!)
  skipAuthForViaHeader=1
  I read Craig's note as meaning that if I don't want authentication skipped if the NBM proxy is accessed by another proxy, then I would want this set to 1.
  Which is correct?
  Dan

  Luckily I don't have to deal with those in this environment; just adults that are not too savvy. However, It might be good to include as well just in case.
  Thanks, Craig. This is the kind of supporting information that might be useful to administrators so they can see 'why' you want to use the switch; not just what the states of the switch are. Of course I think I am 'preaching to the choir' as you have by far written the most on NBM and provided supporting documentation. Maybe a white paper on Proxy.cfg settings, when they are best used, whether they apply to just the forward proxy or reverse proxy or both, etc would be useful.
  I just found out the other day from Gonzalo that the Virus Definition patterns only apply to the reverse proxy. Therefore if I am not using a reverse proxy, I don't want to turn on that switch so I don't incur the additional overhead.
  Dan
  Originally Posted by Craig Johnson
  In article <[email protected]>, Dchunt wrote:
  > BTW, this parameter only comes into play if you have a proxy hierarchy,
  > right? IE, if you have a large organization and one part of it is using
  > a squid proxy then the output of that goes to an NBM proxy then the
  > output of that goes to the Internet, right? It doesn't come into play
  > if you have a single NBM proxy between you and the Internet, even if
  > you are going through the Internet to a site with a reverse proxy at
  > the far end, right?
  >
  I'll tell you when it comes into play... When you have some smart-*ssed
  teenager who finds out that without that switch he can run his own proxy
  (perhaps off a thumb drive) in a cache hierarchy, and completely bypass
  BMgr access rules.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***