On 08/16/2012 09:14 PM, Michael Mercier wrote:
> I was wondering what the security implications would be setting up a
> server to be a freeipa client at one site, and have it join a freeipa
> system over the internet at another site.
>
> ipaclient (siteA) <-- internet --> ipaserver (siteB)
>
> Is there an IPA document that describes this situation?

I'm not aware of any such document but IPA was designed to be secure in
multiple ways including traffic on open networks. All network traffic
that is sensitive is tunneled in some fashion, usually either by the
Kerberos protocol or the SSL/TLS protocols. IPA also makes sure strong
encryption is utilized for those tunnels. Strong authentication is also
required at the endpoints of those tunnels.
It really wouldn't make much sense to design an authentication and
security manager that itself wasn't secure :-)
John Dennis <jden...@redhat.com>
Freeipa-users mailing list