* Andreas Thierer wrote on Wed, Jul 23, 2003 at 16:37 +0200:
i have running a freeswan-server (suse 8.2) and multiple Win2k/WinXP- roadwarriors.
my questions: - how can install the certificates per-user?
Having certificates for network-level, system-wide IPSec per-user? Does this make sense?
- if more than one certificate is installed on one machine, how can i ensure that only a specific cert is used for every user?
I think, via IP/IPSec you can identify hosts but not who opened a socket on some port. A user could start a client on some port and make it wait until some other user establishes "his" SA I think. Application level authentication is often better to identify users I guess. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.