'Re: http-gw restrictions from WinNT Term Svr/Citrix MetaFrame'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    Re: http-gw restrictions from WinNT Term Svr/Citrix MetaFrame
From:       ark () eltex ! ru
Date:       2001-07-31 10:07:53
[Download RAW message or body]

[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

http authorization is real PITA and it is really hard to implement it properly.
the proper way seems to be use of short-living reusable passwords generated
after traditional authsrv OTP authentication succeeds.


Denis Tokarev <den@tensor.ru> said :
 
> Michael Cassidy wrote:
> > 
> > Just wondering if anyone might have any ideas on how one could go about
> > controlling access to http-gw for users running from WinNT sessions on
> > a Windows NT Terminal Server (which also happens to be running Citrix
> > MetaFrame). I'm guessing not much can be done since each user on any
> > given server will be seen as coming from the same IP address, but I
> > thought it would be worth a try anyway. Of course the objective is to
> > be able to allow certain users access to http-gw and others not.
> > 
> > Although all the users would have the same IP address, I'm wondering
> > whether there might be some way to "push" some additional info to
> > http-gw that could be used to distinguish one user from another.
> > 
> 
> 	May be using some kind of authorisation is a solution? Consider using of
> authsrv component from fwtk package.
 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQCVAwUBO2aDeKH/mIJW9LeBAQEjdQP/Q65nVftqWZDgr+jMYtRJM5BTfHu7gnqD
ThXT+NpbbmjpxgEboA4OmWwXi6kVp+Y8UuLuBzkvt9G/K2XlRiA2vkRN4bR6AJw1
u2xrRuZojuMhPWH9WIQGQ6vtEgeg0uz4DF/8we2ig9L4hBRYTiUbFe12Ot2xgXhu
UwIAE/3ZdOQ=
=a2J+
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic