Firewall Wizards mailing list archives
Re: LDAP and Strong Auth
From: "Guy D. Hadsall" <ghadsall () telcordia com>
Date: Tue, 16 Jan 2001 08:42:01 -0500
Jeff,

It's fairly easy to deploy the ACE/Server with an LDAP backend. Having engineered and deployed a few in the past makes it a lot easier... but it's certainly not a requirement.

The architecture of the ACE/Server product allows for the database to be somewhat independent; thus you can redirect the ACE/Server AAA requests to one of several backends. From the quirky database they ship, to another ACE, or RADIUS server, or to an LDAP schema, it's fairly easy once you get the data comm issues resolved. No incompatibilities concerning the schema either... it does not have to be in the root of a tree.

Bored one evening, we even played with latency and scaling by distributing the network elements (ACE/Server, RADIUS, and LDAP) through proxying and found it worked... though much slower, as expected.

I've not deployed the SafeWord product. Hopefully someone else will kick in on it.

GuyH
Telcordia Technologies
(yes, we used to have another more recognized name that started with a B)

Jeff Newton <Jeff_Newton () pmc-sierra com> on 01/15/2001 07:07:02 PM

Please respond to Jeff Newton <Jeff_Newton () pmc-sierra com>

To: firewall-wizards () nfr com
cc: (bcc: Guy D. Hadsall/Telcordia)
Subject: [fw-wiz] LDAP and Strong Auth

Has anyone deployed LDAP with SecurID or Secure Computing's SafeWord Plus? I am primarily interested in interoperability and redundancy issues.

As far as I can tell, RSA expects its ACE server to be the first point of client authentication. The ACE server either auths those with tokens or retrieves passwords from the LDAP store. SafeWord Plus looks like it incorporates a v2/v3 LDAP directory server.

As for redundancy, I have never been a fan of ACE server's master and slave topology, especially with many remote WAN-dependent offices. SafeWord Plus is supposedly peer-to-peer.

I would welcome any advice or tales from the trenches on this topic (offline if more appropriate).

Cheers,
----
Jeff Newton

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- LDAP and Strong Auth Jeff Newton (Jan 15)
- Re: LDAP and Strong Auth John Adams (Jan 16)
- <Possible follow-ups>
- Re: LDAP and Strong Auth Guy D. Hadsall (Jan 16)