Firewall Wizards mailing list archives
RE: Firewalling at the domain users level instead of network level
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 19 Jul 2004 16:23:03 -0400
You can use iptables to force proxy redirection over specific ports through the firewall. Why not redirect that to Squid with LDAP or PAM authentication? That would authenticate users by browser session, and Squid supports ACL's by username (and group name if using LDAP). PaulM
-----Original Message----- Hi all. I'm implementing a "Windows clients, Linux servers" kind of network. Some users may login at different machines, therefore, ip level is not enough. I wonder if it's possible to control the access at the "domain users" level instead of network or ip level. I could implement some proxies, but each client machine had to be configured and that would mean extra work. IPtables can filter at the user level, but only with local users. Is there a way to configure iptables and kerberos working together or something like that? Is this doable with PAM? I have read that SAMBA authenticated gateway HOWTO, but it doesn't look very reliable. Well, so basically what i want, is a firewall similar to a ISA Server firewall Any ideas about this would be apreciated, thanks in advance.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewalling at the domain users level instead of network level Santos (Jul 19)
- Re: Firewalling at the domain users level instead of network level Luca Berra (Jul 19)
- Re: Firewalling at the domain users level instead of network level Devdas Bhagat (Jul 19)
- Re: Firewalling at the domain users level instead of network level Paul D. Robertson (Jul 19)
- Re: Firewalling at the domain users level instead of network level Chuck Swiger (Jul 19)
- Re: Firewalling at the domain users level instead of network level Paul D. Robertson (Jul 19)
- Re: Re: Firewalling at the domain users level instead of network level Steve Lam (Jul 20)
- Re: Firewalling at the domain users level instead of network level Chuck Swiger (Jul 20)
- Re: Firewalling at the domain users level instead of network level Paul D. Robertson (Jul 20)
- Re: Firewalling at the domain users level instead of network level Paul D. Robertson (Jul 19)
- <Possible follow-ups>
- RE: Firewalling at the domain users level instead of network level Melson, Paul (Jul 19)