Hello:

Goutam Baul wrote,
> We are having a few servers all running web based applications.
> We need to have a mechanism in place by which we control the access to
> the servers based on the user (not IP address).

Hmm... you want to put user ACLs at the network level? It can be done
using OpenBSD's "authpf" or "pam_iptables" module. These things work by
inserting an appropriate firewall rule after a successful user
authentication.

So on your servers, install "pam_iptables" and configure it to add a
rule like this to allow network level access to the server after
authentication:

    iptables -A INPUT -s <USER's IP> -d <THIS SERVER's IP> -j ACCEPT

See: ftp://ftp.itlab.musc.edu/pub/pam_iptables.tar.gz

Since I am yet to try them, I don't know how well they would work.

> The servers are running RH7.2.
> Most of the clients are using Windows.
> We have proxy server running Squid.
> What should be the way to go for if we don't do this on the
> application level?

Doing it at the application level using PAM's account management
modules would be a nice way to handle this. If that is not feasible,
then you could also get away by implementing a proxy with ACL:

    LAN -> Squid/ACL -> Servers

When a user tries accessing the web application on the server, Squid
will pop up the authentication dialog box and then you can handle it
from there.

What application is this anyway? Is it a custom application?

> Do we have any way to achieve this by firewall like IPCHAIN ?

AFAIK No. But using IPtables/Authpf it should be possible.

--
Shanu
http://shankerbalan.com

--
Never offend people with style when you can offend them with substance.
        -- Sam Brown, "The Washington Post", January 26, 1977
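The session-scoped rule from the message above, as an added sketch that is not part of the original post and not pam_iptables' own code: it builds the ACCEPT rule for login and the matching delete for logout, and refuses a source equal to the proxy's address, since a rule keyed on an address shared through Squid would admit every user behind it. The function names and all addresses are constructed for illustration, and the script only prints the commands instead of running them.

```shell
#!/bin/sh
# Added sketch: constructed RFC 5737 addresses, hypothetical function names.
SERVER_IP="192.0.2.10"   # this server (constructed)
PROXY_IP="192.0.2.1"     # the Squid proxy, shared by every proxied user

# Succeed only for a strict dotted-quad IPv4 address (no leading zeros).
# The body is a subshell so the IFS change cannot leak to the caller.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# Print (do not run) the iptables command for one session event.
# $1 = open|close, $2 = address the user authenticated from.
session_rule() (
    case "$1" in
        open)  flag="-A" ;;
        close) flag="-D" ;;   # same match, so it removes exactly that rule
        *) echo "unknown action: $1" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" || { echo "malformed source address" >&2; return 3; }
    # A rule keyed on the proxy's address would admit everyone behind it.
    if [ "$2" = "$PROXY_IP" ]; then
        echo "source is the shared proxy address, no per-user rule" >&2
        return 4
    fi
    printf 'iptables %s INPUT -s %s -d %s -j ACCEPT\n' "$flag" "$2" "$SERVER_IP"
)

# Demo with a constructed client address: rule at login, removal at logout.
session_rule open  198.51.100.7
session_rule close 198.51.100.7
```

The close form has to run whenever the session ends, otherwise the address stays allowed for whoever uses it next.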
