[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control for services

On Sat, 20 Jan 2001, Shanker Balan wrote:

> For example, if the attribute "httpaccess: 0" exists in a user's ldif entry,
> that user should be denied proxy access using squid. Similarly, if the ldif
> entry has the attribute "mailaccess: 0", Sendmail should automatically
> reject mails coming to this user saying "no such user".
> Has anybody implemented such a tight access control on a service by
> service basis? Can this be achieved?

I haven't tried this, but I think that to support this you'll have to modify
sources for the proxies you wish to control.  You'll also have to
authenticate all users for all services, which may be an overwhelming hassle
in some cases.

Squid *might* be able to do it - certainly, it has the ability to
authenticate users, but I'm not sure whether it can do access control via
LDAP.  Sendmail probably has a way of doing this, as it has LDAP support,
but you'll have to read some heavy documentation to work out how to do it.

I wish you luck.

#include <disclaimer.h>
Matthew Palmer