> That was only my guess. I thought NM is be able to put the > certificate inside H.235 tokens... Anyway, I'll try to sniff > some packets and see what NM is doing with certificates Michal, Don't bother - The certificate is for data only (T120). The only way, we could make NM authentication reasonably secure is: 1) Have NM with the help of an LDAP add-on module set an attribute to a common value (that may change from time to time) on the LDAP server using an SSL connection, before registering NM with the gk. 2) The GK can then in addition to LdapAliasAuth authenticate against that additional attribute. Another way we used in the past, using the same add-on ldap client, was to register with the dynamic directory of an LDAP server and update the TTL periodically. The GK in turn would authenticate against the dynamic directory (instead of the user directory) and as long as the TTL has not expired, the endpoint could be positively authenticated. Franz. PS. I'm currently in LOS with limited (9.6k Mobile - expensive) internet connectivity, I shall answer to you email when I arrive back in the UK on Friday. ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
