IPsec and User Authentication
Christopher S. Gripp
cgripp at AXCELERANT.COM
Tue Feb 13 12:46:43 EST 2001
RADIUS to an RSA Secure server using 2 phase auth. in most cases.
Christopher S. Gripp
Systems Engineer
Axcelerant
Connecting Everyone In Your Business World
Visit us @ http://www.axcelerant.com
-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Tina
Bird
Sent: Tuesday, February 13, 2001 7:43 AM
To: VPN at SECURITYFOCUS.COM
Subject: IPsec and User Authentication
Hi all --
I am in the middle of revising my VPN tutorial (the
USENIX/SANS class), and in looking at the IPsec
section a question has arisen.
How many of you are using IPsec for remote access
VPN -- that is, for replacing dial-ups for individual
users, rather than site-to-site? If you are, what
are you doing for user authentication?
The book answers seem to be user-based digital
certificates (if you've got some way to associate
them with a user rather than a machine), one of the
"hybrid" authentication mechanisms (XAUTH and its
relatives), or some layering of IPsec with protocols
like PPTP or L2TP (which include "traditional" user
authentication support). But I'm curious to see
what people who are really >doing< it are doing.
Thanks for any info. For those who are curious,
I will post results to the list -- and if you really
want to get the gorey details, I'll be teaching the
class at SANS in Baltimore in May.
cheers -- tbird
VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html
life: http://kubarb.phsx.ukans.edu/~tbird
work: http://www.counterpane.com
VPN is sponsored by SecurityFocus.COM
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list