RE: [fw-wiz] LDAP and Kerberos?
From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 09/20/04
- Previous message: Christopher Hicks: "[fw-wiz] LDAP and Kerberos?"
- Maybe in reply to: Christopher Hicks: "[fw-wiz] LDAP and Kerberos?"
- Next in thread: ArkanoiD: "Re: [fw-wiz] LDAP and Kerberos?"
- Reply: ArkanoiD: "Re: [fw-wiz] LDAP and Kerberos?"
To: "Christopher Hicks" <chicks@chicks.net>, "Firewall Wizards Mailing List" <firewall-wizards@honor.icsalabs.com>
Date: Mon, 20 Sep 2004 13:46:24 -0400
> -----Original Message-----
> > The advantage of mutual authentication is that it prevents playback
> > spoofing and man-in-the-middle attacks. It's designed to make it
> > difficult for a third system to get access to services by
> > eavesdropping or otherwise intercepting or interfering with the
> > authentication process.
>
> Ah, so I can set up my own CA and accomplish most of the same
> thing. I see now. Thank you.
Exactly.
At that point, the only argument that I can think of for using Kerberos
instead of SSL and LDAP is that Kerberos can determine whether or not a
specific user is allowed to use a specific service. Of course you can
probably do something like this with PAM and LDAP groups, so there's not
much need for Kerberos even then.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards