[Freeipa-users] IPA over the Internet - Security Implications
John Dennis
jdennis at redhat.com
Fri Aug 17 13:05:03 UTC 2012
On 08/16/2012 09:14 PM, Michael Mercier wrote:
> Hello,
>
> I was wondering what the security implications would be setting up a
> server to be a freeipa client at one site, and have it join a freeipa
> system over the internet at another site.
>
> ipaclient (siteA) <-- internet --> ipaserver (siteB)
>
> Is there an IPA document that describes this situation?

I'm not aware of any such document but IPA was designed to be secure in
multiple ways including traffic on open networks. All network traffic
that is sensitive is tunneled in some fashion, usually either by the
Kerberos protocol or the SSL/TLS protocols. IPA also makes sure strong
encryption is utilized for those tunnels. Strong authentication is also
required at the endpoints of those tunnels.

It really wouldn't make much sense to design an authentication and
security manager that itself wasn't secure :-)

--
John Dennis <jdennis at redhat.com>