Firewall Wizards mailing list archives
Re: Firewalling at the domain users level instead of network level
From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 19 Jul 2004 14:08:04 -0400 (EDT)
On Sun, 18 Jul 2004, Santos wrote:

> Hi all. I'm implementing a "Windows clients, Linux servers" kind of network. Some users may login at different machines, therefore, ip level is not enough. I wonder if it's possible to control the access at the "domain users" level instead of network or ip level. I could implement some proxies, but each client machine had to be configured and that would mean extra work. IPtables can filter at the user level, but only with

You could use transparent proxies with user authentication.

> local users. Is there a way to configure iptables and kerberos working together or something like that? Is this doable with PAM? I have read that SAMBA authenticated gateway HOWTO, but it doesn't look very reliable. Well, so basically what I want, is a firewall similar to an ISA Server firewall

Um, then you should probably buy ISA- personally, I'd keep it behind something else, but that's probably my historical paranoia of products from that vector.

> Any ideas about this would be appreciated, thanks in advance.

If ISA does what you want, then get it- you could do authenticated SOCKS, or authentication to any other firewall which supports authentication (heck, even Apache's mod_proxy does authentication)- but if there's a tool that does what you wish then barring any major issues, you should use that tool.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards