On Tue, May 11, 2010 at 04:42:26PM -0500, Rob Townley wrote:
> Microsoft is touting "Direct Access" as a main reason to upgrade to
> Win2008R2 / Win7.

All I see there functionality-wise can be provided by a VPN endpoint
using Kerberos/LDAP for authentication/authorization.

As a feature I read 'use homeshare without using the vpn', but in the
end it's just 'using a remote filesystem using the computer principal
for authentication'.


> HOW:
> Use existing cross platform tunneling and tap devices for LinMacWin -
> very well tested.  Comes with tinc-vpn.
> tinc-vpn for the virtual IP addresses.  These are secondary IP
> addresses all machines would have.
> dynamic dns port numbers stored in bind's SRV or TXT records for easy
> configuration.
> tinc-vpn keys stored in dns KEY record for key management.
> tinc-vpn can use IPv6 if needed.
> tinc-vpn for the encryption now, ipSec later?
> 
> FreeIPA provides the centralized management infrastructure that
> tinc-vpn like solutions are missing.

If tinc can already work using Kerberos/LDAP for
authentication/authorization, then you could create a howto or maybe a
tinc package with the appropriate libraries.
This would then add VPN endpoint functionality to FreeIPA.


Christian

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
