IPSEC - Kerberos vs Certificates

Guest
Archived from groups: microsoft.public.win2000.security

When deploying an IPSEC policy through Group Policy you can use one of three options: Kerberos (AD), a certificate server, or a shared secret. Kerberos seems to be the quickest and easiest way as far as managing and troubleshooting goes. Does anyone have any input into the pros and cons between using Kerberos or a CA?
 
Guest

Hi,

As you said, Kerberos is quick. As far as security goes, it is very reliable.
The downside is that you can only use Kerberos inside a domain. If you want to
set up IPSec between two PCs that are not part of a domain, you can't use
Kerberos. So here you have the option to use a shared secret (not a good
security choice) and certificates (preferred in case you can't use
Kerberos)...

If you want to know which is more secure, Kerberos or certificates, it's
certificates, but Kerberos is still a very secure protocol...

I hope this helps you out,

Mike

"fnstrat2" <fnstrat2@discussions.microsoft.com> wrote in message
news:5C650120-4625-4A9A-8542-6BC871A2B6AF@microsoft.com...
> When deploying an IPSEC policy through Group Policy you can use one of
> three options: Kerberos (AD), a certificate server, or a shared secret.
> Kerberos seems to be the quickest and easiest way as far as managing and
> troubleshooting goes. Does anyone have any input into the pros and cons
> between using Kerberos or a CA?