Re: Authentication question & problem

[Tremaine Lea <tremaine () gmail com>]

It may be relatively straightforward, if approached differently.

Create a vpn tunnel between site B and site C.  Allow users from site  
B to access the application on site C.  Allow users to remote in to  
site B with credentials.

There should be no need for site C to be involved in your ldap  
credentials.  The fact they are authenticated on a domain that site C  
has chosen to trust should be sufficient.  If it's not sufficient,  
they should be providing their own authentication mechanism.

It's a bit difficult to provide specific suggestions without more  
information, but the above solution is definitely workable.

---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"



On 22-Apr-08, at 10:41 AM, evilwon12 () yahoo com wrote:
> Here is what my developers are wanting to do, and I cannot think of  
> a secure way to do this.
>
> Have a user (at home) authenticate against our LDAP through a  
> company portal/site and have that authentication information passed  
> to an external vendor, allowing the user at home to utilize the  
> application from home after being authenticated.
>
> So, it's user at site A, authenticating with site B, and the user at  
> site A using the application (after authentiation) at site C.
>
> Sorry for being long winded, but everything there screams MITM to  
> me.  I am probably missing something easy.