[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LDAP Schema, CAs and RADIUS

	O.K.,  I need  'back-office'  Authentication, Authorization and
Accounting services for my Security Gateway.

	I can do this today, with a few bits of sticky-tape, with RADIUS,
but what is the future?

	I can get Authorization by implementing LDAP and sucking down IPSEC
VPN policies.
	I can get Authentication using Certificates and implementing a bunch
of protocols to check CRLs.

	What do I do for Accounting?

	Some folk use RADIUS to do address-download to remote clients, e.g.
Intranet IP address pool management and 
	name server address down-load (IKECFG stuff). A nice feature to
centralize address pool management.

	I guess name-server addresses could just about be added to the IPSEC
VPN schema (reasonably static - you hope),
	but I still need an answer for Accounting and Address Pool

	Do we make the RADIUS server the meeting point for Legacy AAA, LDAP
Policy, and CRLs?

	Regards, Steve.