Hi!
For a masquerading gw allowing internet access to authenticated users, I need an identd that answers ident-requests giving the (hashed) hostname and user-id of the client that connected to the requesting system. This is to make sure that in case of abuse, the responsible person can be found and the admin of the gateway is not made responsible (as the connections come from the gateway IP address as seen from the server). I could provide the identd with the information which local IP (which will be masqued to the outside) belongs to which user. All that is some kind of an extension to an authenticating gateway.
Is anyone using something like that, or does anyone know a solution?
TIA, CU Lars.
On Sun, 2 Jan 2005, Lars O.Grobe wrote:
Date: Sun, 2 Jan 2005 18:53:20 +0100
From: Lars O.Grobe grobe@gmx.net
To: suse-security@suse.com
Subject: [suse-security] identd on a masq gateway, answering with hostnames?
Hi!
For a masquerading gw allowing internet access to authenticated users, I need an identd that answers ident-requests giving the (hashed) hostname and user-id of the client that connected to the requesting system. This is to make sure that in case of abuse, the responsible person can be found and the admin of the gateway is not made responsible (as the connections come from the gateway IP address as seen from the server). I could provide the identd with the information which local IP (which will be masqued to the outside) belongs to which user. All that is some kind of an extension to an authenticating gateway.
Is anyone using something like that, or does anyone know a solution?
TIA, CU Lars.
I used to use mident a long time ago for this - http://panorama.sth.ac.at/midentd/ - A search on Google also revealed http://freshmeat.net/projects/oidentd/?topic_id=150 which appears to be a popular one these days and it is even part of 9.2 professional.
Best regards Hubba
Hubertus A. Haniel wrote:
I used to use mident a long time ago for this - http://panorama.sth.ac.at/midentd/ - A search on Google also revealed http://freshmeat.net/projects/oidentd/?topic_id=150 which appears to be a popular one these days and it is even part of 9.2 professional.
Hi,
think this is worth a try. I didn't find too much docs so far, but will have a closer look now. Also we will try to use this together with Nocat (http://nocat.net). This would be a solution to provide laptop and more or less mobile workstations (in a university environment) with internet access. Nocat as an authenticating and masquerading gateway, pimp to make sure those authenticated don't abuse their internet connection (or at least to make the admin of the gateway not the only responsible person). The idea to log all connections (by using the iptables log or the identd log) was rejected, as it gives legal problems (and also general privacy questions!!!). So providing an identd-service from the gateway, making it possible to find out the hostnames of the (registered) clients behind the gateway, is the only way I see at the moment.
Thanks, CU, Lars.
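The gateway-side lookup asked for in the first message, sketched as an added example (not code from the thread, midentd, oidentd or Nocat): an RFC 1413 reply builder that maps a masqueraded connection to its registered client and answers with a keyed hash instead of the real hostname and user. The NAT table, client registry, secret and all function names are constructed assumptions; on a real gateway the first two would come from connection tracking and the authenticating gateway's session data.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the thread).
SECRET = b"gateway-local-secret"  # known only to the gateway admin
# Masqueraded connections: (gateway port, remote IP, remote port) -> internal IP.
NAT_TABLE = {(40001, "203.0.113.10", 6667): "192.168.1.23"}
# Registered clients: internal IP -> (hostname, user).
CLIENTS = {"192.168.1.23": ("laptop-17", "jdoe")}


def token(hostname, user):
    """Keyed hash of hostname and user; only the secret's holder can map it back."""
    msg = f"{hostname}\0{user}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def resolve(tok):
    """Admin-side lookup when an abuse report quotes a token."""
    for hostname, user in CLIENTS.values():
        if hmac.compare_digest(token(hostname, user), tok):
            return hostname, user
    return None


def answer(query, peer_ip):
    """Build the RFC 1413 reply line for one query received from peer_ip."""
    try:
        # Query format: "<port on identd host> , <port on querying host>"
        gw_port, remote_port = (int(p.strip()) for p in query.strip().split(","))
    except ValueError:  # not exactly two integers
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    prefix = f"{gw_port} , {remote_port}"
    if not (1 <= gw_port <= 65535 and 1 <= remote_port <= 65535):
        return f"{prefix} : ERROR : INVALID-PORT\r\n"
    # Keying on peer_ip means only the far end of the connection gets an answer.
    inside_ip = NAT_TABLE.get((gw_port, peer_ip, remote_port))
    client = CLIENTS.get(inside_ip)
    if client is None:
        return f"{prefix} : ERROR : NO-USER\r\n"
    # OTHER marks the user-id as an opaque string rather than a login name.
    return f"{prefix} : USERID : OTHER : {token(*client)}\r\n"
```

Because the token is an HMAC rather than a plain hash, a remote admin cannot recover hostnames by hashing guesses, while the gateway admin can resolve a reported token without keeping a connection log.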