[fw-wiz] Kerberos (was: Firewall PKI integration requirements)

---

• From: ArkanoiD <ark@xxxxxxxxx>
• Date: Mon, 21 Aug 2006 13:27:07 +0400

---

nuqneH,

On Sun, Aug 20, 2006 at 09:39:02PM -0700, Carson Gaspar wrote:

--On Friday, August 18, 2006 7:48 PM +0400 ArkanoiD <ark@xxxxxxxxx> wrote:

What PKI integration/certificate management functions you people
expect to see on the firewall? Manual import, LDAP integration
(exactly how?), CRL management features (which way)? Please describe me
in details as i am going to implement those for IPSec, SSL/TLS
and maybe other crypto functons. Is Kerberos still considered alive
and widely deployed? Should i support it, which way?

I'm not sure if you're asking about krb5/PKI, or other uses of kerberos.

I was talking about PKI in general and Kerberos as yet another infrastructure
thing.

Kerberos V is certainly very alive for authentication. My expectation would
be _minimally_ to support it as an authentication back-end. Kerberized
logins to the firewall itself (via ssh GSSAPI, ktelnet, or whatever) would
also be a very good idea, especially if you support krb5 principle ACLs
(e.g. gaspac/admin@xxxxxxxxxxx may log in with admin privs). Supporting
krshd pass-through would be nice (it's annoyingly just slightly different
from rshd, as I recall from my fwtk/Gauntlet days).

Well, what is the desired deployment scenario? Where do i place kdc?

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• Follow-Ups:
  • Re: [fw-wiz] Kerberos (was: Firewall PKI integration requirements)
    • From: Carson Gaspar

• References:
  • [fw-wiz] Firewall PKI integration requirements
    • From: ArkanoiD
  • Re: [fw-wiz] Firewall PKI integration requirements
    • From: Carson Gaspar

• Prev by Date: Re: [fw-wiz] How automate firewall tests
• Next by Date: Re: [fw-wiz] How automate firewall tests
• Previous by thread: Re: [fw-wiz] Firewall PKI integration requirements
• Next by thread: Re: [fw-wiz] Kerberos (was: Firewall PKI integration requirements)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [fw-wiz] Firewall PKI integration requirements ... I'm not sure if you're asking about krb5/PKI, or other uses of kerberos. ... be _minimally_ to support it as an authentication back-end. ... logins to the firewall itself would ... (Firewall-Wizards) Re: [fw-wiz] httport 3snf ... > Having worked in the Firewall support role at several companies, ... I had my CIO approve my security policy. ... time educating him about Internet risk. ... There's also a very good "at what point is the firewall now useless" ... (Firewall-Wizards) Re: Messenger Audio/Video with ISA 2004 ... Technically speaking, if this needs to be supported through the firewall, ... Therefore, the external client can ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: [fw-wiz] stopping bots from phoning home ... well it works fine on my dsl connection! ... the majority of support calls that we receive are from the very ... > with the newer IM clients that do IRC. ... that having a firewall on the box that can see which program is trying to ... (Firewall-Wizards) Re: Problem with EZ Antivirus ... >> internet access through your firewall. ... >> If you continue to receive the 'fatal error 3' message when trying to run ... >> Windows Firewall - Please be sure that the Windows XP firewall on your ... >> Please send the ezreport to support now. ... (alt.comp.anti-virus)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2006-08