gabriel rosenkoetter on Wed, 3 Jul 2002 11:02:48 -0400
On Wed, Jul 03, 2002 at 08:33:13AM -0400, Jesse Schultz wrote:
> I am actually looking to implement a certificate based system for SSH
> POP3 and possibly a VPN system. All would use the same certificate.
> Only myself and the owner of the company (An RF engineer so pretty
> technical) would have root access.

Is there something wrong with Kerberos5 for this? (Actually, there are a variety of things wrong with it, both in protocol and implementation, but it sounds like it's what you want.)

You should be able to find a POP3 server with a K5 authentication option (though I don't know one off the top of my head), and OpenSSH has been able to do this for ages.

But why do you want digital certificates? That requires a CA, which is immediately where Mallory'd attack if he wanted to co-opt your entire network.

(Fwiw, we're moving up on Radius for a single sign-on to Windows, Solaris, Linux, and maybe still a little Novell. I don't know whether Radius can hit a cert server, but I'd be moderately surprised if it couldn't.)

--
gabriel rosenkoetter
gr@eclipsed.net