Firewall Wizards mailing list archives

RE: Firewalling at the domain users level instead of network level


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 19 Jul 2004 16:23:03 -0400

You can use iptables to force proxy redirection over specific ports
through the firewall.  Why not redirect that to Squid with LDAP or PAM
authentication?  That would authenticate users by browser session, and
Squid supports ACLs by username (and group name if using LDAP).

PaulM

-----Original Message-----
Hi all.


I'm implementing a "Windows clients, Linux servers" kind of network. Some users may log in at different machines; therefore, IP level is not enough. I wonder if it's possible to control the access at the "domain users" level instead of network or IP level. I could implement some proxies, but each client machine would have to be configured and that would mean extra work. iptables can filter at the user level, but only with local users. Is there a way to configure iptables and Kerberos working together or something like that? Is this doable with PAM? I have read that SAMBA authenticated gateway HOWTO, but it doesn't look very reliable. Well, so basically what I want is a firewall similar to an ISA Server firewall.

Any ideas about this would be appreciated, thanks in advance.
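
A sketch of the Squid-with-LDAP setup suggested in the reply, added here as an example and not taken from either poster. Host names, DNs, user and group names, the interface name and the helper paths are placeholders, and it assumes browsers are pointed at the proxy explicitly, because Squid cannot issue an authentication challenge on an intercepted (REDIRECT) port.

```conf
# squid.conf fragment (constructed example; every name below is a placeholder)

# Explicit proxy port that browsers are configured to use.
http_port 3128

# Basic authentication checked against LDAP. The helper name and path vary
# by Squid version and distribution (squid_ldap_auth in Squid 2.x,
# basic_ldap_auth in Squid 3.2 and later).
auth_param basic program /usr/lib/squid/basic_ldap_auth -b "ou=people,dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm Web proxy
auth_param basic credentialsttl 2 hours

# Group membership lookup through an external ACL helper.
# %u is replaced by the login name and %g by the group named in the acl line.
external_acl_type ldap_group %LOGIN /usr/lib/squid/ext_ldap_group_acl -b "ou=groups,dc=example,dc=com" -f "(&(cn=%g)(memberUid=%u))" -h ldap.example.com

# Any user who authenticated successfully.
acl authenticated proxy_auth REQUIRED
# Rule keyed on individual user names.
acl contractors proxy_auth alice bob
# Rule keyed on an LDAP group.
acl web_staff external ldap_group web-staff
# Destination that contractors may not reach.
acl restricted_sites dstdomain .example.org

# First match wins, so the order of these lines is the policy.
http_access deny !authenticated
http_access deny contractors restricted_sites
http_access allow web_staff
http_access deny all

# Firewall side, assuming Squid runs on the gateway and eth1 faces the LAN:
# reject web traffic that tries to bypass the proxy, so the per-user rules
# above cannot be avoided by clearing the browser's proxy setting.
#   iptables -A FORWARD -i eth1 -p tcp -m multiport --dports 80,443 -j REJECT
```

Basic authentication sends the user's password to the proxy base64-encoded, not encrypted, so anyone able to capture traffic on the client LAN can read it.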