[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New XAUTH draft

To: Tim Jenkins <tjenkins@TimeStep.com>
Subject: Re: New XAUTH draft
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Thu, 20 May 1999 12:04:39 -0700
cc: "Scott G. Kelly" <skelly@redcreek.com>, Stephane Beaulieu <sbeaulieu@TimeStep.com>, Glen Zorn <gwz@acm.org>, "Waters, Stephen" <Stephen.Waters@cabletron.com>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 20 May 1999 12:45:41 EDT." <319A1C5F94C8D11192DE00805FBBADDFA97156@exchange>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 20 May 1999 12:45:41 EDT you wrote
> 
> The only way XAUTH reduces the existing authentication of IKE is if
> the sysadmin use pre-shared key authentication and share it everywhere
> or set it to null (if that's even possible).

But this is precisely the way it's used. If you had a pre-shared key bound
to a specific user (as opposed to a group) or if you had a certificate
binding a specific user to a public key then there would be no need for
XAUTH. Any subsequent radius/tacacs/whatever method of authentication
would be pointless.

  Dan.

Follow-Ups:

Re: New XAUTH draft

From: "Jatinder Bali" <jbali@lucent.com>

References:

RE: New XAUTH draft

From: Tim Jenkins <tjenkins@TimeStep.com>

Prev by Date: RE: New XAUTH draft
Next by Date: RE: New XAUTH draft
Prev by thread: Re: New XAUTH draft
Next by thread: Re: New XAUTH draft
Index(es):
- Main
- Thread