On Tue, May 11, 2010 at 04:42:26PM -0500, Rob Townley wrote:
> Microsoft is touting "Direct Access" as a main reason to upgrade to
> Win2008R2 / Win7.

All i see there functionalitywise can be provided by a vpn-endpoint 
using kerberos/ldap for authentication/authorization.

As a feature i read 'use homeshare without using the vpn' but in the
end its just 'using a remote filesystem using the computer principal
for authentication'.  

> HOW:
> Use existing cross platform tunneling and tap devices for LinMacWin -
> very well tested.  Comes with tinc-vpn.
> tinc-vpn for the virtual IP addresses.  These are secondary IP
> addresses all machines would have.
> dynamic dns port numbers stored in bind's SRV or TXT records for easy
> configuration.
> tinc-vpn keys stored in dns KEY record for key management.
> tinc-vpn can use IPv6 if needed.
> tinc-vpn for the encryption now, ipSec later?
> FreeIPA provides the centralized management infrastructure that
> tinc-vpn like solutions are missing.

If tinc can already work using kerberos/ldap for authentication/au-
thorization then you could create a howto or maybe tinc-package with
the appropriate libraries.
This would then add vpn-endpoint functionality to freeipa.


Freeipa-users mailing list

Reply via email to