Darren Reed wrote:
> Someone asked me today, will it be possible to use cards
> such as SecurID with IPFilter to authenticate network access.
>
> While my response is sure, we can do this, how would this
> fit in to the Solaris security model?
Before we go to the details of how to implement it I think we first need
to understand what authenticating network access means in this context.
What is the identity that is to be authenticated ?
user
host
(user,host)
application
(user,application)
(application,host)
(user,application,host)
What "side" of the network connection is supposed to be doing the
authentication ? The connection initiator or the receiver ?
What is the actual problem they are trying to solve ?
Why doesn't something like 802.1x meet there needs (yes I know we don't
have that in Solaris yet)
--
Darren J Moffat
