"Bryan J. Smith" <[EMAIL PROTECTED]> wrote: > I'm confused. > Do you just want authentication services in your DMZ? > Or are you using OpenFiler services in your DMZ?
Let me flip this. First off, I assume you want OpenFiler services in your DMZ. In such case, you can install LDAP services on it too, and then replicate part of your enterprise's LDAP tree into that DMZ server -- such as users, groups and other schema information that goes on files. I understand you need that information for OpenFiler to work, and hosting it local is not an issue ... with one exception ... You *MIGHT* wish to consider *NOT* replicating user password hashes into the DMZ server. You *SHOULD* consider keeping actual authentication information on an internal LAN server, and _only_ punch a hole through to your LAN (or another, heavily fortified DMZ) for your authentication. This is where using a dedicated KDC is ideal. ;-> It's easy to secure away from everything else. -- Bryan J. Smith Professional, Technical Annoyance [EMAIL PROTECTED] http://thebs413.blogspot.com -------------------------------------------------- I'm a Democrat. No wait, I'm a Republican. Hmm, it seems I'm just whatever someone disagrees with. _______________________________________________ Openfiler-users mailing list [email protected] https://lists.openfiler.com/mailman/listinfo/openfiler-users
