IPSec & Kerberos


myrt webb

I do not understand the relationship between Kerberos and
IPSec when encrypting communications in a domain.

If you turn on Secure Server on a server all commo is
IPSec encrypted in the domain from that server without
the use of a Certificate Authority. According to what I
have read Kerberos takes care of the key exchange so the
SA can be established. Does Kerberos construct a
certificate or is some other method used?
 
There are three authentication methods for IPSec - Kerberos [default],
certificate, or preshared key. They are all forms of authentication. A
certificate is not required for authentication. Key use is not exclusive to
a key exchange. It is, however, the most secure method of authentication
outside of a domain for IPSec. In the initial authentication
a computer's public key is used to encrypt the keys in the challenge sent to
the other computer when a certificate is used. If preshared keys are used
then the challenge is encrypted with a hash created from the preshared
key. --- Steve
 
Let me clarify myself [if possible]. Key use is not exclusive to using
certificates. Sorry. --- Steve



 