[K12OSN] A different authentication issue

Brian Chase networkr0 at cfl.rr.com
Thu Apr 15 01:53:44 UTC 2004

You might try Webmin, here's an excerpt from the Squid Access Control 
Help Section, might be what you're after, looks like you can allow 
filtered on user and/or group.

      Access Control

Access control lists: ACLs are lists of terms to be matched using 
regular expressions or literal expressions. An ACL may also be a file 
that contains one item or regular expression per line. The ACL box on 
this page has several fields which may be edited. New ACLs may also be 

The fields present are:

Name is the name by which the ACL can be identified. When creating a 
Proxy Restriction this is the name used to define what is being restricted.

Type is the type of information that the ACL is to be matched against.

Matching.. is the address, port, URL, user, etc. that the ACL will be 
matching to.

Proxy restrictions: Proxy restrictions are rules that either allow or 
deny a given request based on whether its ACL matches the specifics of 
the request. There are three fields in this box.

Action is either allow or deny.

ACLs are the ACLs that will be matched against to decide whether the 
request is allowed or denied. If prepended by an exclamation point the 
ACL will be negated, in other words everything except members of that 
ACL will be allowed or denied.

Move allows the order of restrictions in the list. The order in which 
they appear is important, because Squid only reads the list until it has 
found the first match.

ICP restrictions: This box is for restricting ICP requests. ICP requests 
are requests from other neighbor caches. This section works the same as 
Proxy restrictions.


madsen at vijit.com wrote:

>Reading about a previous poster's authentication issue (for which I'm
>sorry to say I have no answer), I was reminded of a problem I've sorta
>been ignoring.
>Students are using a Novell server and I want to migrate them to 
>LTSP or a "conventional" [Linux] PC as appropriate.  That's not an issue.
>But Novell Border Manager is used to keep track of who to allow onto the
>Internet.  Once they log in to the main Novell server, the Border Manager 
>knows about the login and can check to see if they're allowed to use the
>'net, too.  Some students' parents have signed Internet permission slips,
>and some have not.  Lower grades aren't permitted to access the Internet
>anyway.  This means we have to allow selective Internet access based on 
>human identity, not IP address or some other machine characteristic.
>I suppose something could be hacked to "fix" the default route in 
>the routing table in a "conventional" Linux environment, but that still
>leaves the control on the client (end-user) machine.  I don't see this
>as too smart, as end-user ingenuity could be used to defeat this.  It
>would be better to have something more "central" that the kids couldn't
>get to acting as gatekeeper.
>Does anyone know of any facility (in either an LTSP or "conventional"
>Linux environment) to do this?  
>All/any suggestions welcome!
>Dave Madsen ---dcm
>madsen at vijit.com

Brian Chase			Phone:  386-775-5366
2345 Hillside Ave.		Fax:    309-276-2048
Orange City, FL  32763		Email:  networkr0 at cfl.rr.com
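
The ordering and negation rules in the Webmin excerpt above, modelled as an added Python example (not part of the original post, and not Webmin or Squid code). The ACL names, usernames and groups are constructed for illustration; the fall-through default (the opposite of the last rule's action) is Squid's documented behaviour for its access lists.

```python
# Simplified model of Squid-style proxy restrictions: first match wins.
# All ACL names, users and groups here are constructed sample data.

ACLS = {
    # Name -> (Type, Matching values), as in the Webmin ACL fields
    "permitted": ("user", {"alice", "bob"}),        # signed permission slip
    "lower_grades": ("group", {"grade1", "grade2"}),
    "all": ("any", set()),
}

def acl_matches(name, request):
    """True if the request matches the ACL; a leading '!' negates it."""
    negate = name.startswith("!")
    kind, values = ACLS[name[1:] if negate else name]
    hit = True if kind == "any" else request.get(kind) in values
    return hit != negate

def decide(rules, request):
    """Return 'allow' or 'deny' for a request against an ordered rule list."""
    action = None
    for line in rules:
        action, *names = line.split()
        # Every ACL listed on one restriction must match (logical AND).
        if all(acl_matches(n, request) for n in names):
            return action          # evaluation stops at the first match
    # Nothing matched: the opposite of the last rule's action applies.
    return "deny" if action == "allow" else "allow"

# Intended policy: lower grades never, permitted users yes, everyone else no.
GOOD = ["deny lower_grades", "allow permitted", "deny all"]
# Same rules with a broad allow first: the later denies are never reached.
MISORDERED = ["allow all", "deny lower_grades", "deny !permitted"]
# No closing "deny all": unmatched requests fall through to "allow".
OPEN_ENDED = ["deny lower_grades"]

if __name__ == "__main__":
    carol = {"user": "carol", "group": "grade5"}   # no permission slip
    for label, rules in [("GOOD", GOOD), ("MISORDERED", MISORDERED),
                         ("OPEN_ENDED", OPEN_ENDED)]:
        print(label, "->", decide(rules, carol))
```

Ending the list with an explicit `deny all` keeps the result from depending on the fall-through default.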

