[prev in list] [next in list] [prev in thread] [next in thread]
List: fwtk-users
Subject: Re: http-gw restrictions from WinNT Term Svr/Citrix MetaFrame
From: ark () eltex ! ru
Date: 2001-07-31 10:07:53
[Download RAW message or body]
[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]
-----BEGIN PGP SIGNED MESSAGE-----
nuqneH,
http authorization is real PITA and it is really hard to implement it properly.
the proper way seems to be use of short-living reusable passwords generated
after traditional authsrv OTP authentication succeeds.
Denis Tokarev <den@tensor.ru> said :
> Michael Cassidy wrote:
> >
> > Just wondering if anyone might have any ideas on how one could go about
> > controlling access to http-gw for users running from WinNT sessions on
> > a Windows NT Terminal Server (which also happens to be running Citrix
> > MetaFrame). I'm guessing not much can be done since each user on any
> > given server will be seen as coming from the same IP address, but I
> > thought it would be worth a try anyway. Of course the objective is to
> > be able to allow certain users access to http-gw and others not.
> >
> > Although all the users would have the same IP address, I'm wondering
> > whether there might be some way to "push" some additional info to
> > http-gw that could be used to distinguish one user from another.
> >
>
> May be using some kind of authorisation is a solution? Consider using of
> authsrv component from fwtk package.
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQCVAwUBO2aDeKH/mIJW9LeBAQEjdQP/Q65nVftqWZDgr+jMYtRJM5BTfHu7gnqD
ThXT+NpbbmjpxgEboA4OmWwXi6kVp+Y8UuLuBzkvt9G/K2XlRiA2vkRN4bR6AJw1
u2xrRuZojuMhPWH9WIQGQ6vtEgeg0uz4DF/8we2ig9L4hBRYTiUbFe12Ot2xgXhu
UwIAE/3ZdOQ=
=a2J+
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic