(Firewall only) Local database authentication—To
Configure
Local Database Authentication, you create a database that
runs locally on the firewall and contains user accounts (usernames
and passwords or hashed passwords) and user groups. This type of authentication
is useful for creating user accounts that reuse the credentials
of existing Unix accounts in cases where you know only the hashed
passwords, not the plaintext passwords. Because local database authentication
is associated with authentication profiles, you can accommodate
deployments where different sets of users require different authentication
settings, such as
Kerberos single
sign-on (SSO) or
Multi-Factor
Authentication (MFA). (For details, see
Configure
an Authentication Profile and Sequence). For administrator
accounts that use an authentication profile,
password complexity and expiration
settings are not applied. This authentication method is available
to administrators who access the firewall (but not Panorama) and
end users who access services and applications through Captive Portal
or GlobalProtect.