--On Friday, August 18, 2006 7:48 PM +0400 ArkanoiD wrote:

> What PKI integration/certificate management functions do you people
> expect to see on the firewall? Manual import, LDAP integration
> (exactly how?), CRL management features (which way)? Please describe them to me
> in detail, as I am going to implement those for IPSec, SSL/TLS
> and maybe other crypto functions. Is Kerberos still considered alive
> and widely deployed? Should I support it, which way?

I'm not sure if you're asking about krb5/PKI, or other uses of Kerberos.
Kerberos V is certainly very alive for authentication. My expectation would
be _minimally_ to support it as an authentication back-end. Kerberized
logins to the firewall itself (via ssh GSSAPI, ktelnet, or whatever) would
also be a very good idea, especially if you support krb5 principal ACLs
(e.g. gaspac/admin@EXAMPLE.COM may log in with admin privs). Supporting
krshd pass-through would be nice (it's annoyingly just slightly different
from rshd, as I recall from my fwtk/Gauntlet days).

firewall-wizards mailing list