The MS-Windows agent must be started before callbacks from the firewall will be accepted. Once started, the MS-Windows authentication agent appears as a small yellow key in the Windows taskbar. When a callback from the firewall occurs, a dialog may appear prompting the user for a password if necessary. The password can be cached for a configureable amount of time, to reduce the frequency of user prompts.
Clicking on the key with the right mouse button pops up a menu, from which the agent can be configured. Configuration includes specifying password cache intervals, authentication methods, the generation of RSA or DSA private keys, and the exporting of public keys to the clipboard or to disk. If digital signature authentication is used, then the user must create a private key of the appropriate type, and generate a public key which must be given to the firewall administrator. The firewall administrator must import this key into the firewall's key database (either by using the fwadmin program or by using the MS-Windows remote administration tools). The private key is encrypted before being stored on disk, using a user-selected password. It is this password that the user must subsequently enter to authenticate themselves.
The Windows authentication agent can be found on your CD in the /WIN32 directory, as auth-setup.exe. Information on how to install and use the program are given in the quick start guide, in the file /docs/QUICK.TXT. On-line help is included. There is also a legacy version for Windows 3.1 hosts, in the /WIN31 directory, with the name cdsauth.exe.