[zorp] zorp vs. TIS
Balazs Scheidler
bazsi@balabit.hu
Tue, 13 Feb 2001 13:44:24 +0100
On Tue, Feb 13, 2001 at 07:24:26AM -0500, Tim Sailer wrote:
> On Tue, Feb 13, 2001 at 11:25:58AM +0100, Balazs Scheidler wrote:
> > Free version:
> > -------------
> > HTTP/1.1 (keep-alive and chunked encoding fully supported)
> > FTP
> > finger
> > SSL
> > plug
> >
> > Commercial version:
> > -------------------
> > Enhanced SSL
> > POP3
>
> What abount telnet? Any plans for trying to do ssh?
telnet is under consideration. It was not a primary objective, since there's
not too much you can do with the telnet protocol (except for option
negotiation and environment variable filtering), a simple plug would
suffice. Telnet is inherently insecure, it shouldn't be used in security
conscious environments, a proxy wouldn't change this.
SSH is also planned. Personally I have already implemented a working SSH2
proxy (in the LSH project), but Zorp will probably use an independent
implementation.
> ALso, what about authentication? We use T.Rex right now since it uses
> Radius as one of it's authentication methods, and that gives us One Time
> Passwords with our Radius/CryptoCard server.
We have our own authentication system, currently supporting S/Key and
CryptoCard (ANSI X9.9). We partly removed it from 0.7.x, because we
are redesigning some parts.
> We're also looking for Telnet and FTP proxies that are Kerberos5 aware.
> I'm pretty sure we'll have to roll our own on that one.
What do you mean on that? Authenticate your users for going through
the firewall?
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1