Re: IPSec policies with Kerberos only??
From: Herb Martin (news_at_LearnQuick.com)
Date: 07/01/04
- Next message: Cleve S.: "Re: Fax Service"
- Previous message: James: "cross site roaming profile trouble"
- In reply to: Spin: "Re: IPSec policies with Kerberos only??"
- Next in thread: Sarah Tanembaum: "Re: IPSec policies with Kerberos only??"
- Reply: Sarah Tanembaum: "Re: IPSec policies with Kerberos only??"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Jul 2004 07:51:11 -0500
"Spin" <Spin@spin.com> wrote in message news:2kh9o3F2c78qU1@uni-berlin.de...
> That's what I thought. Thanks for confirming.
>
> "Simon Geary" <simon_geary@hotmail.com> wrote in message
> news:%23iYIhdvXEHA.1652@TK2MSFTNGP09.phx.gbl...
> > Yes, by just using Kerberos you can run IPSec without getting your hands
> > dirty with keys or certificates. It makes it a breeze to set up and is
> > recommended if you have a small network.
Same domain (or trust relationship actually).
Kerberos won't work for "foreign" domain machines otherwise.
Certificates are largely for machines that aren't in the same domain/forest
or which cannot join due to being "routers" or some such.
-- Herb Martin > > > > "Spin" <Spin@spin.com> wrote in message > news:2kgtdbF2896sU1@uni-berlin.de... > > > Gurus, > > > > > > I have been studying Windows Server 2003. Regarding IPSec policies, if > > one > > > does not want to use a pre-shared key (least secure), and does not have > > > Certificate Server, can one still implement IPSec policies with just > > > straight-up Kerberos as the default authentication method? > > > > > > > > > > > > > >
- Next message: Cleve S.: "Re: Fax Service"
- Previous message: James: "cross site roaming profile trouble"
- In reply to: Spin: "Re: IPSec policies with Kerberos only??"
- Next in thread: Sarah Tanembaum: "Re: IPSec policies with Kerberos only??"
- Reply: Sarah Tanembaum: "Re: IPSec policies with Kerberos only??"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
