Article delegate-en/4899 of [1-5017] on the server localhost:7119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Does Delegate support user-based access lists, with those users authenticated by a RADIUS server?
11 Sep 2010 03:12:16 GMT Vietnhi Phuvan <pcijqbdyi-qprr6ua6sja6.ml@delegate.org>

I am trying to implement PAM authentication and authorization to access
ssh services on specific hosts: specifically, the Employees group should
have full access to the local network, while the Consultants group has
ssh access to host1 and host2. Both the Consultants and Employees groups
are defined in Active Directory and accessed through PAM authentication.
All services including ssh are accessed through socks.

My tentative solution is

AUTHORIZER="-pam/*:*:*" (PAM authentication applies to all services and
for access to all hosts)

PERMIT="ssh:host1,host2:Consultants" (The Consultants group can
ssh into host1 and host2 through socks)

PERMIT="*:*:*" (Everybody else can access all services on all hosts
through socks)


Is my tentative solution correct or does it need modification?


Regards,


----- Original Message -----
From: "Yutaka Sato" <feedback@delegate.org>
To: feedback@delegate.org
Cc: "vietnhi phuvan" <pcijqbdyi-qprr6ua6sja6.ml@delegate.org>
Sent: Sunday, August 22, 2010 7:53:12 AM
Subject: Re: [DeleGate-En] Does Delegate support user-based access lists, with those users authenticated by a RADIUS server?

Hi,

In message <_A4884@delegate-en.ML_> on 08/20/10(04:10:10)
you Vietnhi Phuvan <pcijqbdyi-qprr6ua6sja6.ml@delegate.org> wrote:
|My own review of the Delegate mailing list in addition to my own review
|of the Delegate manual led me to the conclusion that Delegate does NOT
|support user-based access lists with those users authenticated by a
|RADIUS server as of 08/20/2010. Am I correct?
|
|If I am not correct, please tell me how to modify the AUTHORIZER
|statement to include RADIUS authentication (I assume that the AUTHORIZE
|statement is the one statement that needs to be modified.)

DeleGate does not support RADIUS directly. I'm not sure but it
might be available via the PAM interface.

AUTHORIZER=pam

Cheers,
Yutaka
-- 9 9 Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
