
Re: [K12OSN] A different authentication issue



You might try Webmin. Here's an excerpt from the Squid Access Control Help Section; it might be what you're after. Looks like you can allow filtered on user and/or group.


Access Control


------------------------------------------------------------------------
Access control lists: ACLs are lists of terms to be matched using regular expressions or literal expressions. An ACL may also be a file that contains one item or regular expression per line. The ACL box on this page has several fields which may be edited. New ACLs may also be created.


The fields present are:

Name is the name by which the ACL can be identified. When creating a Proxy Restriction this is the name used to define what is being restricted.

Type is the type of information that the ACL is to be matched against.

Matching.. is the address, port, URL, user, etc. that the ACL will be matching to.

Proxy restrictions: Proxy restrictions are rules that either allow or deny a given request based on whether its ACL matches the specifics of the request. There are three fields in this box.

Action is either allow or deny.

ACLs are the ACLs that will be matched against to decide whether the request is allowed or denied. If prepended by an exclamation point the ACL will be negated, in other words everything except members of that ACL will be allowed or denied.

Move allows the order of restrictions in the list. The order in which they appear is important, because Squid only reads the list until it has found the first match.

ICP restrictions: This box is for restricting ICP requests. ICP requests are requests from other neighbor caches. This section works the same as Proxy restrictions.

------------------------------------------------------------------------



madsen vijit com wrote:

Reading about a previous poster's authentication issue (for which I'm
sorry to say I have no answer), I was reminded of a problem I've sorta
been ignoring.

Students are using a Novell server and I want to migrate them to LTSP or a "conventional" [Linux] PC as appropriate. That's not an issue.

But Novell Border Manager is used to keep track of who to allow onto the
Internet. Once they log in to the main Novell server, the Border Manager knows about the login and can check to see if they're allowed to use the
'net, too. Some students' parents have signed Internet permission slips,
and some have not. Lower grades aren't permitted to access the Internet
anyway. This means we have to allow selective Internet access based on human identity, not IP address or some other machine characteristic.


I suppose something could be hacked to "fix" the default route in the routing table in a "conventional" Linux environment, but that still
leaves the control on the client (end-user) machine. I don't see this
as too smart, as end-user ingenuity could be used to defeat this. It
would be better to have something more "central" that the kids couldn't
get to acting as gatekeeper.


Does anyone know of any facility (in either an LTSP or "conventional"
Linux environment) to do this?


All/any suggestions welcome!

Dave Madsen ---dcm
madsen vijit com





--
Brian Chase              Phone: 386-775-5366
2345 Hillside Ave.       Fax: 309-276-2048
Orange City, FL 32763    Email: networkr0 cfl rr com

http://openalternatives.net
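
The first-match ordering and `!` negation described in the Webmin excerpt above, modelled in a short added example (not part of the original message, and not Squid's or Webmin's own code). The ACL names and usernames are constructed, and users are assumed to be already authenticated; the AND-ing of ACLs on one line and the opposite-of-last-rule default are standard Squid behaviour that the excerpt does not state.

```python
# Added illustration: a model of how Squid walks its http_access rules.
# ACL names and usernames are constructed for this example.
ACLS = """
acl permitted proxy_auth alice bob
acl lower_grades proxy_auth bob carol
"""
DENY_FIRST = ACLS + """
http_access deny lower_grades
http_access allow permitted
http_access deny all
"""
ALLOW_FIRST = ACLS + """
http_access allow permitted
http_access deny lower_grades
http_access deny all
"""
NEGATED = ACLS + "http_access deny !permitted\nhttp_access allow all\n"


def parse(conf):
    """Return (acls, rules) parsed from squid.conf-style text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "acl" and parts[2] == "proxy_auth":
            # Repeated acl lines with one name extend the same user set.
            acls.setdefault(parts[1], set()).update(parts[3:])
        elif len(parts) >= 3 and parts[0] == "http_access":
            if parts[1] not in ("allow", "deny"):
                raise ValueError("bad action: " + line)
            rules.append((parts[1], parts[2:]))
    return acls, rules


def decide(conf, user):
    """Return 'allow' or 'deny' for an already-authenticated user."""
    acls, rules = parse(conf)

    def hit(term):
        name = term.lstrip("!")
        matched = name == "all" or user in acls[name]  # KeyError: undefined ACL
        return matched != term.startswith("!")  # '!' negates the ACL

    for action, terms in rules:
        if all(hit(t) for t in terms):  # ACLs on one line are ANDed
            return action  # first matching rule wins; later rules are ignored
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

Here `bob` has a signed permission slip but is also in a lower grade: `decide(DENY_FIRST, "bob")` denies him, while the same rules in `ALLOW_FIRST` order let him through because the later deny is never reached.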



