[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSH tunnels

To: Richard Baldwin <baldwin@pgc.nrcan.gc.ca>
Subject: Re: SSH tunnels
From: Derek Simkowiak <dereks@itsite.com>
Date: Wed, 6 Nov 2002 14:54:02 -0500 (EST)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <200211062200.gA6M0Iw28133@taseko.pgc.nrcan.gc.ca>

> this a reasonable way to go, or are there hidden problems in this
> approach as compared to SSL/TLS?

	The program STunnel (SSL) is very easy to setup and administer.
It can also do client-side certificate validation quite easily.  My
opinion is that it is easier to setup than ssh for VPN-like tunneling.

	Because of that, I prefer STunnel.  But since SSL is supported
natively in OpenLDAP there's no reason to tunnel at all.  Just turn on
TLS.

	As far as I know, Stunnel and ssh both work on Unixes and
MS-Windows.


--Derek

References:
- SSH tunnels
  - From: Richard Baldwin <baldwin@pgc.nrcan.gc.ca>

Prev by Date: indices in slapd.conf
Next by Date: RE: SSH tunnels
Index(es):
- Chronological
- Thread