[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSH tunnels



> this a reasonable way to go, or are there hidden problems in this
> approach as compared to SSL/TLS?

	The program STunnel (SSL) is very easy to setup and administer.
It can also do client-side certificate validation quite easily.  My
opinion is that it is easier to setup than ssh for VPN-like tunneling.

	Because of that, I prefer STunnel.  But since SSL is supported
natively in OpenLDAP there's no reason to tunnel at all.  Just turn on
TLS.

	As far as I know, Stunnel and ssh both work on Unixes and
MS-Windows.


--Derek