[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LDAP Schema, CAs and RADIUS

To: ipsec@lists.tislabs.com
Subject: LDAP Schema, CAs and RADIUS
From: "Waters, Stephen" <Stephen.Waters@cabletron.com>
Date: Wed, 17 Mar 1999 09:56:03 -0000
Sender: owner-ipsec@lists.tislabs.com


	O.K.,  I need  'back-office'  Authentication, Authorization and
Accounting services for my Security Gateway.

	I can do this today, with a few bits of sticky-tape, with RADIUS,
but what is the future?

	I can get Authorization by implementing LDAP and sucking down IPSEC
VPN policies.
	I can get Authentication using Certificates and implementing a bunch
of protocols to check CRLs.

	What do I do for Accounting?

	Some folk use RADIUS to do address-download to remote clients, e.g.
Intranet IP address pool management and 
	name server address down-load (IKECFG stuff). A nice feature to
centralize address pool management.

	I guess name-server addresses could just about be added to the IPSEC
VPN schema (reasonably static - you hope),
	but I still need an answer for Accounting and Address Pool
Management.

	Do we make the RADIUS server the meeting point for Legacy AAA, LDAP
Policy, and CRLs?

	Regards, Steve.

Follow-Ups:

Re: LDAP Schema, CAs and RADIUS

From: Paul Krumviede <paul@MCI.NET>

Prev by Date: Re: The world according to MCR
Next by Date: Re: LDAP Schema, CAs and RADIUS
Prev by thread: CFP: ISOC Year 2000 Network & Distr. System Security (NDSS 2000)
Next by thread: Re: LDAP Schema, CAs and RADIUS
Index(es):
- Main
- Thread