> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 14 July 2000 12:51 PM
> To: Frank Knobbe; 'David Lang'; Frank Knobbe
> Cc: [EMAIL PROTECTED]
> Subject: RE: Citrx Metaframe/NT4-TSE
>
>
> Whoa,
>
> This is way overkill. The solution provided earlier was a very simple and
> elegant solution using existing and proven technology that is freely
> available and does not require more than a couple of weeks of
> interoperability testing.
[ranting snipped]

Hang on a second...if I understand your earlier solution, you were basically
saying this:

Put an external box in the DMZ, then run Kerberos to do session/host level
auth to an internal box with hardening and logging where appropriate.

Seems to me that you're solving a different problem to the two-factor auth
proponents. Kerberos is only a fancy way of authenticating users and
endpoints at the same time - it doesn't add any actual strength to your
authentication mechanism.

In essence, all I'm asserting is that your solution can be no stronger than
user passwords. (Not that I don't like it). The two-factor people get better
auth - this doesn't mean that they couldn't do everything else you suggested
_as well_ to add DMZ host level auth as well as user auth.

Cheers,
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520