Re: Access control for services

[Shanker Balan <shanu@exocore.com>]

Jan-Piet Mens wrote:
>Yes, it is possible, but may require some work. I've done it for
>Squid by writing an external authenticator which searches for
>a user by using an appropriate filter (&(uid=xxx)(httpaccess=ok)) and
>having an slapd index on all attributes to make it fast. That was no
>big problem. You could take the contrib `ldap-auth' and hack that in.

We have a similar thingy implemented in perl. Can you send me the source
for the squid external authenticator?

>Sendmail may be a bigger problem. Just thinking out loud here: if
>sendmail would recognize a user as being local when using nss_ldap
>then you could easily hack nss_ldap to use an appropriate filter.
>Otherwise I wouldn't know how...

Apparently, MS Exchange 2000(?) has this capability where in one can
control whether the user is allowed to recive external mail. Does
sendmail have a similar feature by any chance? I did a search on google
but not much luck as yet.

>FTP should be easy: try ProFTPD which supports LDAP. You can possibly
>use your own filter.

ProFTD is what i was looking at also to control FTP service access.

-- Shanu

Mulder: You can't bury the truth!

	"The X-Files: Aprocrypha"