LDAP Schema, CAs and RADIUS
O.K., I need 'back-office' Authentication, Authorization and
Accounting services for my Security Gateway.
I can do this today, with a few bits of sticky-tape, with RADIUS,
but what is the future?
I can get Authorization by implementing LDAP and sucking down IPSEC
I can get Authentication using Certificates and implementing a bunch
of protocols to check CRLs.
What do I do for Accounting?
Some folk use RADIUS to do address-download to remote clients, e.g.
Intranet IP address pool management and
name server address down-load (IKECFG stuff). A nice feature to
centralize address pool management.
I guess name-server addresses could just about be added to the IPSEC
VPN schema (reasonably static - you hope),
but I still need an answer for Accounting and Address Pool
Do we make the RADIUS server the meeting point for Legacy AAA, LDAP
Policy, and CRLs?