|
|
Hi Marcos Marcos Morais wrote: > Hi Erich, first of all explain these expressions that you used for me: > M$ The big, rich company in Redmond :-( > AD Active directory, in this case, anno domini in most others :-) > IMHO in my humble opinion > TGT ticket granting ticket, a kerberos term > > Let's see if I Understood: > What you're saying is that OpenVPN doesn't have a native package that > allows > that kind of authentication, and to have that working on my VPN I should > either use a commercial VPN software that has It, or to add a third party > plugin that does it for me? is that what you meant? I don't know of any for OpenVPN, but certainly there are IPSEC implementations which do that. I was referring to the fact that there are two facets to data access, authentication and authorization. Authentication is possible against AD using, for example, the ldap authentication plug-in. Authorization is a completely different matter. I believe actually M$ is using kerberos tickets to grant access to data located on their servers. So in order to get access at that level you need a ticket, and in order to get one, you need a TGT, which you can get when you authenticate against their kerberos implementation. cheers Erich ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-11/msg00090.html on line 220 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-11/msg00090.html on line 220 |