Re: IPSec policies with Kerberos only??

From: Simon Geary (simon_geary_at_hotmail.com)
Date: 06/30/04 

Date: Thu, 1 Jul 2004 00:10:03 +0100

Yes, by just using Kerberos you can run IPSec without getting your hands
dirty with keys or certificates. It makes it a breeze to set up and is
recommended if you have a small network.

"Spin" <Spin@spin.com> wrote in message news:2kgtdbF2896sU1@uni-berlin.de...
> Gurus,
>
> I have been studying Windows Server 2003. Regarding IPSec policies, if
one
> does not want to use a pre-shared key (least secure), and does not have
> Certificate Server, can one still implement IPSec policies with just
> straight-up Kerberos as the default authentication method?
>
>

Relevant Pages

  • RE: Between Forest IPSec Implementation?
    ... Using Windows 2000, your design should work fine with Certificates and CA's, ... As far as using a CA, you can setup your IPSec policies in each forest to ... Kerberos cross-forest auth will not work in 2000. ... Subject: Between Forest IPSec Implementation? ...
    (Focus-Microsoft)
  • Re: IPSec policies with Kerberos only??
    ... by just using Kerberos you can run IPSec without getting your hands ... dirty with keys or certificates. ...
    (microsoft.public.windows.server.general)
  • Re: Should I install Certificate Authority to solve these problems ?
    ... there are multiple considerations for IPsec. ... "trust" is defined as the ability to authenticate with IKE; ... constrain the use of certificates for IPsec authN to ... > base it on Kerberos you pretty much limit hard binding ...
    (microsoft.public.win2000.security)
  • Re: IPSec policies with Kerberos only??
    ... by just using Kerberos you can run IPSec without getting your hands ... Kerberos won't work for "foreign" domain machines otherwise. ... Certificates are largely for machines that aren't in the same domain/forest ...
    (microsoft.public.windows.server.active_directory)
  • Re: IPSec policies with Kerberos only??
    ... by just using Kerberos you can run IPSec without getting your hands ... Kerberos won't work for "foreign" domain machines otherwise. ... Certificates are largely for machines that aren't in the same domain/forest ...
    (microsoft.public.windows.server.general)