Article delegate-en/4908 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4905@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Does Delegate support user-based access lists, with those users authenticated by a RADIUS server?
15 Sep 2010 22:55:38 GMT Vietnhi Phuvan <pcijqbdyi-uwzfqiuy6zxr.ml@ml.delegate.org>


I am trying this command (I am still in testing mode, that's why I am 
not scripting):

delegated -P1080 SERVER=socks AUTHORIZER=-pam OWNER="root" 
REMITTABLE="tcprelay/80" REMITTABLE="tcprelay/22"  
HOSTLIST="ConsServ:/10.80.80.100" REJECT="tcprelay:\!ConsServ:user1"  
PERMIT="tcprelay:*:*" +=/etc/delegated.conf

I am wondering why user1 is not being blocked from accessing 
10.80.80.100. Do you see anything wrong with my syntax?

Thanks (I'll tell you later how I would implement RADIUS authentication 
through PAM. It's almost trivial)
.


Yutaka Sato wrote:
> In message <_A4904@delegate-en.ML_> on 09/15/10(07:58:44)
> you Vietnhi Phuvan <pcijqbdyi-uwzfqiuy6zxr.ml@ml.delegate.org> wrote:
>  |I am trying this syntax:
>  |
>  |delegated -P1080 SERVER=socks 
>  |AUTHORIZER=-pam:http,ftp:192.168.255.0/24:* REMITTABLE="tcprelay/80" 
>  |REMITTABLE="tcprelay/22" HOSTLIST="ConsServ:/10.80.80.100"  
>  |HOSTLIST="ConsClnt:/10.80.80.3" 
>  |REJECT="tcprelay:!ConsServ:ConsClnt,user1" PERMIT="tcprelay:*:*"  
>  |+=/etc/delegated.conf
>  |
>  |and I get
>  |
>  |-bash: !ConServ: event not found
>  |
>  |The intent is to block user1 from accessing ConServ through ports 80 and 
>  |22. The bash shell doesn't like the "!" sign. What's wrong with the syntax?
>
> A user of a command shell is expected to know what "!" means when it 
> used in a command line, and how to escape the interpretation of "!"
> by a shell (using "\").  Just see "man bash" and search the word
> "history" and the phrase "history substitution".
>
> Another (recommended) way is not to use "!" on a command line, but in
> a shell script to which the "history substitution" is not applied.
>
> And another (the most recommended) way is writing parameters so that
> never been interpreted by a shell, that is, writing each parameter
> line by line in a file and include it with +=file.
>
> Cheers,
> Yutaka
> --
>   9 9   Yutaka Sato, CSDP#005482 <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>   


-- 
Vietnhi Phuvan
Senior Systems Engineer
SPECIAL APPLIED INTELLIGENCE
36-40 37th Street, Suite 201
Long Island City, NY 11101

800.511.9818 [Tauk*] x2000
718.576.1404 [fax]

 -> progress for hire <-
http://www.specialai.com/



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V