Firewall Wizards mailing list archives
Re: Firewall PKI integration requirements
From: Carson Gaspar <carson () taltos org>
Date: Sun, 20 Aug 2006 21:39:02 -0700
--On Friday, August 18, 2006 7:48 PM +0400 ArkanoiD <ark () eltex net> wrote:
> What PKI integration/certificate management functions do you people expect to see on the firewall? Manual import, LDAP integration (exactly how?), CRL management features (which way)? Please describe them to me in detail, as I am going to implement those for IPSec, SSL/TLS and maybe other crypto functions. Is Kerberos still considered alive and widely deployed? Should I support it, which way?
I'm not sure if you're asking about krb5/PKI, or other uses of Kerberos. Kerberos V is certainly very alive for authentication. My expectation would be _minimally_ to support it as an authentication back-end. Kerberized logins to the firewall itself (via ssh GSSAPI, ktelnet, or whatever) would also be a very good idea, especially if you support krb5 principal ACLs (e.g. gaspac/admin () EXAMPLE COM may log in with admin privs). Supporting krshd pass-through would be nice (it's annoyingly just slightly different from rshd, as I recall from my fwtk/Gauntlet days).
-- Carson