RE: Alternatives to Kerberos

From: Trevor Cushen (trevor.cushen@sysnet.ie)
Date: 03/05/02


From: "Trevor Cushen" <trevor.cushen@sysnet.ie>
To: <jlewis@packetnexus.com>
Date: Tue, 5 Mar 2002 11:23:24 -0000 

Hello Jason,

Hard to give a good answer without more details, but if you are telnetting
or copying files etc. then SSH might be a solution. SSH is available for
all systems.

PGPvpn will work on Windows systems and is compatible with the Windows 2000
VPN IPSec setup. It sets up a seamless VPN that is transparent to the end
user.

Kerberos on Windows will work across the board only if the Windows box
is the server for Kerberos. Windows will support Unix Kerberos clients
but not recognise a Unix Kerberos server.

To directly answer your final question: YES, it is possible and in many
cases recommended.

The steps I would personally go with are: Windows 2000 servers use their
built-in IPSec solution. NT servers get PGPvpn, and then clients get
PGPvpn if they are not Windows 2000. Unix boxes will use whatever IPSec
implementation works best on them. All is compatible and should be
transparent to the end user. Tough enough to set up but certainly
possible.

Good Luck.

Trevor

p.s.

The VPN side I am sure of, as I have set it up already, working nicely
too. The Kerberos I am in the middle of, and Microsoft documents and
Linux documents are what I am going by, so I am open for correction
there.

-----Original Message-----
From: Jason Lewis [mailto:jlewis@packetnexus.com]
Sent: 03 March 2002 06:05
To: security-basics@securityfocus.com
Subject: Alternatives to Kerberos

I have been tossing around the idea of encrypting all my LAN traffic. I
have several Wireless Access Points that started me down this path. Cisco
is pushing VPNs for all wireless clients. So I started thinking.....

Kerberos will do this, but I think trying to get Windows 2K, Linux, Solaris,
etc. all on the same page will be a superhuman feat. What about IPSec? I
could set up VPNs for each server-to-client and server-to-server, but that
seems like a kludge.

Is anyone aware of software that will automatically negotiate a tunnel
between boxes? I am leaning towards IPSec, but will consider anything. I
am not looking at hardware right now, which may be the only solution.

In a nutshell, I want end to end encryption on my local
net.....possible?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure".
The people at the other end of the link know less
about security than you do. And that's scary.

******************************************************************************

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster@sysnet.ie

******************************************************************************
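As an added example (not part of Trevor's or Jason's mail), this is what the Unix side of the plan above looks like with a FreeS/WAN-lineage IPsec stack (strongSwan and Libreswan still accept this ipsec.conf syntax): a host-to-host, transport-mode security association that IKE negotiates and rekeys automatically, which is the "software that will automatically negotiate a tunnel between boxes" Jason asked about. The addresses 192.168.1.10 and 192.168.1.20, the connection name and the pre-shared key are assumed placeholders; the same file is installed on both hosts, since each side works out from its own addresses which of left/right it is.

```conf
# /etc/ipsec.conf  (added example; hypothetical addresses and names)

conn lan-host-to-host
    # 'left' and 'right' are the two peers; the daemon picks the role
    # that matches one of its own interface addresses
    left=192.168.1.10
    right=192.168.1.20
    # transport mode: ESP protects host-to-host packets directly,
    # no tunnel interface or per-pair VPN gateway needed
    type=transport
    # IKE negotiates the ESP keys and rekeys them; nothing is keyed by hand
    keyexchange=ike
    # pre-shared key from /etc/ipsec.secrets (weakest of the options;
    # authby=rsasig with certificates scales better past a few hosts)
    authby=secret
    # bring the SA up at daemon start instead of waiting for traffic
    auto=start

# /etc/ipsec.secrets  (mode 0600, owned by root, on both hosts)
192.168.1.10 192.168.1.20 : PSK "replace-with-a-long-random-secret"
```

Two checks after `ipsec restart` on both ends: `ipsec status` should show the connection ESTABLISHED, and a `tcpdump` on either host should show only ESP between the two addresses rather than the cleartext telnet or file-copy traffic. The caveats a practitioner should keep in mind: a PSK is one secret per host pair, so the per-pair setup Jason called a kludge reappears at the key-management level unless you move to RSA keys or certificates, and transport mode as written covers every protocol between these two hosts only; add `leftprotoport`/`rightprotoport` (or a `type=tunnel` gateway) to narrow or widen that scope.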
