RE: User authentication on IPv6 network

Wed, 02 Nov 2005 17:45:34 -0800

You certainly do not need Netware for DNS/DHCP services for IPv6 – the

latest BIND 9.x and dhcpd will work just fine, and run on your Debian box.

There is sufficient info on using them with IPv6 on the Internet and in

various books (e.g. O’Reilly DNS & BIND 4th Ed).  The config files are a

bit obscure (esp. IPv6 reverse zones), but workable. Your Mileage May

Vary, but I personally prefer FreeBSD for this sort of thing.

 

We are about to release a really secure and user-friendly appliance

based on BIND, with full support for IPv6, if you are interested. Watch

our website (www.infoweapons.com) for details.

 

What kind of user authentication are you talking about? We often use

client digital certificates for “strong client authentication” (with HTTP or

any client server protocol that supports TLS), which is a very good

technique (I know of no attacks against it currently). This works fine

regardless of IP version (4 or 6). We are definitely doing that over IPv6

links today. You can create your own digital certificates using OpenSSL

or OpenCA (be sure you understand trust domains and root certs first).

 

If you prefer Radius, I understand there are IPv6 compliant versions,

but I’ve not used them myself.

 

If you are looking for SSO (Single Sign On) based on Windows Server,

check out Samba 3.x and WinBind – we do use that to allow login

to UNIX boxes, email, websites, etc, using the current Windows login

and password. Again, a bit tricky to set up but all details are available

online or in books.

 

I haven’t used any Novell software in ages – they never really did seem

to get the hang of TCP/IP (personal opinion), and there is no excuse

for using IPX/SPX these days (or other forgotten tongues such as

Banyan VIP)

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Gauthier
Sent: Wednesday, November 02, 2005 10:35 PM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: User authentication on IPv6 network

 

Hi.

I am currently trying to do an IPv6 network with Netware, Debian 3.1 (2.6.14 kernel) and Windows 2003 Server.

I am having problems installing Netware 6.5 that I needed for user authentication and DNS/DHCP services. But I would like not to use Netware 6.5 because there is no real good support.


So I am wondering what I should use to make my server work with IPv6 and authenticate users without using IPv4 and using only Debian and Windows Server 2003 (using Debian for DNS/DHCP services). Is there a way?

 

I would like to have an answer even if it is "No".

 

Thanks a lot.

Reply via email to