Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] LDAP, Novell and Squid
> In a private LAN we have NT- and Win2k- Workstations with
> Novell-Netware-Clients, getting their IP-Addresses via DHCP.
>
> On a Suse-7.2-Linux-Box runs Squid, which is the one and only host
> of the private LAN allowed to cross the Firewall with http-related
> requests.
>
> A Netware-Server with LDAP installed, translates NDS-Attributes of
> our choice to LDAP.
>
> According to our Policies only some of our users are allowed to surf
> the net.
>
> To enable these "privileged" users, we put them into a certain
> NDS-group. On the squidhost every 15 Minutes runs a perlscript, which
> asks the LDAP Server for a list of IP-Addresses, where members of this
> group are currently logged in. This list is then formatted as a
> Client-Address-ACL for squid.
>
> Hence users have to authenticate themselves only once to the
> Netware-Server and get enabled or not - independent of their current
> IP-Addresses - iff they are members of this privileged group.

This is even better than social engineering (ok, maybe it's exactly that).
Ask for a mouse and get the whole elephant. The only thing I missed
was a short excerpt from some of your logs with your IPs in it :O),
so I would have to check it for myself.

> Dr. H. Rosner
> Stadtverwaltung Jena
> Hauptamt / Datenverarbeitung

A paranoid user :O)

Think about it!

Michael
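
The step described in the quoted message (addresses returned by the LDAP query become a squid client-address ACL), as an added example that is not part of the original thread and is not the poster's Perl script. It assumes the query result is already a list of dotted-quad strings; the LAN range, the function names and the sample values are constructed for illustration.

```python
import ipaddress
import os
import tempfile

# Assumption: the private LAN range; the original mail does not state it.
LAN = ipaddress.ip_network("192.168.10.0/24")

# Constructed sample of what the directory query might hand back.
SAMPLE = ["192.168.10.42", "192.168.10.17 ", "192.168.10.42",
          "0.0.0.0/0", "10.9.9.9", "not-an-ip"]


def build_acl_lines(raw_values, lan=LAN):
    """Split directory values into (accepted addresses, rejected raw values).

    Only single host addresses inside the LAN are accepted, so a malformed
    or tampered attribute (a netmask, a foreign address) never reaches squid.
    """
    accepted, rejected = set(), []
    for value in raw_values:
        try:
            # ip_address() refuses CIDR notation, ranges and hostnames.
            addr = ipaddress.ip_address(value.strip())
        except ValueError:
            rejected.append(value)
            continue
        if addr in lan:
            accepted.add(addr)  # the set removes duplicate logins
        else:
            rejected.append(value)
    return sorted(accepted), rejected


def render_acl_file(addresses):
    """One address per line, the format squid loads with: acl NAME src "FILE"."""
    return "".join(f"{addr}\n" for addr in addresses)


def write_atomic(path, text):
    """Swap the ACL file in one step so squid never reads a partial list."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.replace(tmp, path)
```

Because the addresses come from DHCP, an entry can pass to a different user between two runs, so the refresh interval bounds how long a stale grant stays in the ACL.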

