Article delegate-en <_A4434@delegate-en.ML_>
[delegate-en/4434] [Reference:<_A4432@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: multiple configurations
14 Apr 2009 07:38:22 GMT Federico Bianchi <pjyiqbdyi.ml@ml.delegate.org>



That's exactly what I was looking for, with a minor caveat: the whitelist 
is quite long and should be maintained by our library staff; therefore, it 
would be very helpful to have it in a separate file (e.g., something like 
"HOSTLIST=@/etc/hosts_OK").

Best regards

 	 		Federico Bianchi
 			Dipartimento di Storia delle Arti
 			Universita` di Pisa
 			piazza S.Matteo in Soarta, 2 - I56127 Pisa (Italy)
 			fax.+30-000-00000F; e-mail: <f.bianchi@unipi..it>
 			===================================================
 			!DISCLAIMER!: my e-mail reflects _my_own_ opinions!
 			===================================================

On Mon, 13 Apr 2009, Yutaka Sato wrote:

> Hi,
>
> In message <_A4431@delegate-en.ML_> on 04/13/09(11:43:13) I wrote:
> | |LDAP directly), but so far I haven't been able to find out how to handle
> | |whitelists in DeleGate; moreover, I don't know how to combine the rules to
> | |enforce the "right" priority.
> |
> |I'm not so sure about your requirement but it could be realized with
> |an AUTHORIZER parameter like this:
> |
> |  AUTHORIZER="-pam/password,-pam/ldap,-list{u1:p1,u2:p2,...}"
>
> I'm not sure how your "whitelist" is constructed, but if it is
> a list of client hosts or so, it might be represented as
>  AUTHORIZER="authServList:*:*:!whiteList" with
>  HOSTLIST="whiteList:host1,host2,..."
> Or it might be as (I'm not sure this works as is)
>  AUTHORIZER="-pam(pampasswd),-pam/ldap(pamldap),-none" with
>  RELIABLE="-a/pampasswd,-a/pamldap,whiteList"
>
> And in DeleGate/9.9.3-pre3, tentatively I introduced a new pseudo
> authentication server named "-hostlist" which ignores authentication info.
> and just tests the host info. of the client, to be used as follows:
>
>  AUTHORIZER="-pam/passwd,-pam/ldap,-hostlist/whiteList"
>  HOSTLIST="whiteList:host1,host2,*.domain1,..."
>
> Cheers,
> Yutaka
> --
>  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
> ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
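
One way to keep the whitelist in a staff-maintained file while still passing it inline in the `HOSTLIST="whiteList:host1,host2,*.domain1,..."` form quoted above. This is an added example, not code from the thread or from the DeleGate project; the file format (one entry per line, `#` comments), the function names and the sample hosts are assumptions.

```python
import re

# Assumption: entries are plain host names or "*.domain" patterns, the two
# forms that appear in the HOSTLIST examples in this thread.
_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ENTRY = re.compile(rf"^(\*\.)?{_LABEL}(\.{_LABEL})*$")

# Constructed sample of what library staff might maintain.
SAMPLE = """\
# reading-room clients (constructed sample)
pc01.lib.example.org
*.catalog.example.org
*                  # would exempt every client from authentication
*.org
bad host,evil:*
PC01.lib.example.org
"""

def parse_whitelist(text):
    """Return (entries, rejected) for the content of the whitelist file."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        item = raw.split("#", 1)[0].strip().lower()
        if not item:
            continue
        # "," and ":" are separators in the HOSTLIST value, so the pattern
        # refuses them; a wildcard must keep at least two labels after "*.".
        too_broad = item.startswith("*.") and item.count(".") < 2
        if not _ENTRY.match(item) or too_broad:
            rejected.append((lineno, item))
        elif item not in entries:
            entries.append(item)
    return entries, rejected

def hostlist_param(name, entries):
    """Build the HOSTLIST parameter string in the form shown in the thread."""
    if not entries:
        raise ValueError("refusing to emit an empty host list")
    return f'HOSTLIST="{name}:{",".join(entries)}"'

if __name__ == "__main__":
    ok, bad = parse_whitelist(SAMPLE)
    for lineno, item in bad:
        print(f"line {lineno}: rejected {item!r}")
    print(hostlist_param("whiteList", ok))
```

Because a `-hostlist` match skips the password check, rejected lines are worth reviewing before the generated parameter is deployed.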
