
RE: [K12OSN] Authenticating mixed clients for Internet Access



Hi Quentin,

Bert here, this is how I'm carrying out Internet access at present.

I use group permissions. Internet users have access to the web browser.

I'm using Mozilla on the Linux terminal server, and in Win98 terminal 
sessions (run in Win4Lin). I will be migrating all WIN9x machines to 
Mozilla as well.

Why? Because of the security issues that MSIE has. I'm sure Mozilla may 
have some too, but I haven't seen much press about Mozilla security.
It is possible to lock down Mozilla in about 10 seconds, so kids can't mess 
with the proxy server settings. This is accomplished by making the prefs.js 
file read only. In Win9x terminal sessions the security gets better because 
I can use Linux folder permissions to prevent users from altering or 
deleting the prefs.js file.

Here's the URL that covers this in greater detail.

http://tln.lib.mi.us/~amutch/pro/mozilla/

I've also made my Win9x desktops read only in Win4Lin. This stops users 
from saving files to the desktop, forcing them to save to their home 
folders.

I use Win9x system policies as part of the equation, they work well for 
Win9x computers AND Win4Lin sessions. I'm using profiles, but need to do 
some more work on them. I found a couple of interesting registry hacks on 
the SAMBA website which allow WIN9x to have server based profiles. I'm also 
thinking about using symlinks in my Win4Lin sessions to accomplish the same 
thing.

Sounds like you are on the right track.

I will be replacing my Win based proxy with Linux shortly. From what I've 
read on the list DansGuardian appears to be a better filtering option. Six 
of one, half dozen of the other (that's take your pick in Kiwispeak).

Hope this helps,
Bert

On Tuesday, July 16, 2002 4:25 AM, Quentin Hartman 
[SMTP:qhartman lane k12 or us] wrote:
> Colleagues-
> 	I am working on re-building a network for a k-12 institution, and am
> trying to put in some security features that are sorely needed. One of the
> most glaringly obvious omissions for this environment is that there is no
> mechanism in place to authenticate users for internet access. It is a mixed
> environment of Linux and Windows 9x workstations and Linux and NT servers.
> I would very much like to have centralized user management. The scenario
> goals we are trying to achieve are:
>
> 1- Unrestricted user logs in. Has access to file / app servers and Internet
> 2- Semi-restricted user logs in. Has access to file / app servers, but not
> internet.
> 3- restricted user logs in. Has access only to local files and programs.
> 4- Unauthorized user cannot login.
>
> I imagine a combination of policy files for the 9x clients, samba, pam, and
> squid could achieve this, but I would like your feedback on the best way to
> proceed to complete this project. Am I on the right track at all?
>
> -Regards-
> -Quentin Hartman-
> 
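Added example, not part of the original messages or the linked page: a read-only prefs.js only holds if the user neither owns the file (an owner can chmod it back) nor can write to the directory containing it (directory write permission allows deleting or replacing the file). The function names `audit_prefs` and `can_modify` are hypothetical, GNU `stat` is assumed, and group write is flagged without resolving group membership.

```shell
#!/bin/sh
# Audit a locked-down Mozilla prefs.js for one user.
# Usage: audit_prefs /path/to/profile/prefs.js username
# Prints one line per finding; the return status is the number of findings.

# can_modify PATH USER: succeeds if USER owns PATH, or PATH is writable by
# group or other. Assumption: any group write bit is treated as risky, and
# the sticky bit on directories is ignored (conservative).
can_modify() {
    owner=$(stat -c %U "$1")    # owning user name (GNU stat)
    mode=$(stat -c %a "$1")     # octal permission bits, e.g. 444
    [ "$owner" = "$2" ] && return 0
    [ $(( 0$mode & 022 )) -ne 0 ]
}

audit_prefs() {
    prefs=$1 user=$2 findings=0
    if [ ! -f "$prefs" ]; then
        echo "MISSING: $prefs"
        return 1
    fi
    # Read-only bits do not help if the user owns the file.
    if can_modify "$prefs" "$user"; then
        echo "FILE: $user can write to or chmod $prefs"
        findings=$((findings + 1))
    fi
    # Deleting or replacing a file is controlled by its directory.
    if can_modify "$(dirname "$prefs")" "$user"; then
        echo "DIR: $user can delete or replace prefs.js via its directory"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A return status of 0 means neither the file nor its directory can be changed by that user under these checks.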




