> On Monday 01 November 2004 12:29, shogunx wrote: > > > > > > Hmmm .. > > > I would have thought that you could just set up proxy with authetication > > > ?? Those who are allowed .. give them passwords .. > > > > What, proxy all outbound traffic? What stops the kids from sharing > > passowrds. > > > > Well, an alternative is to put ARP ACL's on as well ... > eg: > acl WSTATION1 arp ff:ff:ff:ff:ff:ff
In my opinion, using a proxy also allows you to disable the local browsers disk (& perhaps memory) cache. This will save you on resource consumption. I enabled my home squid proxy with identd support. So rules are attributed to the login id of the person making the connection. Ex: I have 'kids' rules which default to everyone, and then explicit individuals have unrestricted access. I had to modify the configs in the following way (RedHat 9) to get things working correctly. Squid also logs the username with the url. ### /etc/sysconfig/identd IDENTDOPTS="-e -o" ### /etc/identd.conf (NOTICE ENCRYPTION IS OFF & USERNAMES RETURNED) #-- The syslog facility for error messages # syslog:facility = daemon #-- User and group (from passwd database) to run as server:user = ident #-- Override the group id server:group = ident #-- What port to listen on when started as a daemon or from /etc/inittab # server:port = 113 #-- The socket backlog limit # server:backlog = 256 #-- Where to write the file containing our process id server:pid-file = "/var/run/identd.pid" #-- Maximum number of concurrent requests allowed (0 = unlimited) # server:max-requests = 0 #-- Enable some protocol extensions like "VERSION" or "QUIT" protocol:extensions = disabled #-- Allow multiple queries per connection. This slightly breaks RFC1413 protocol:multiquery = enabled #-- Timeout in seconds since connection or last query. Zero = disable # protocol:timeout = 120 #-- Maximum number of threads doing kernel lookups kernel:threads = 2 #-- Maximum number of queued kernel lookup requests # kernel:buffers = 32 #-- Maximum number of time to retry a kernel lookup in case of failure # kernel:attempts = 5 #-- Disable username lookups (only return uid numbers) # result:uid-only = no result:uid-only = no #-- Enable the ".noident" file # result:noident = enabled #-- Charset token to return in replies # result:charset = "US-ASCII" #-- Opsys token to return in replies result:opsys = "OTHER" #-- Log all request replies to syslog (none == don't) #result:syslog-level = none #result:syslog-level = info #-- Enable encryption (only available if linked with a DES library) result:encrypt = no #-- Path to the DES key file (only available if linked with a DES library) encrypt:key-file = "/etc/identd.key" #-- Include a machine local configuration file # include = /etc/identd.conf ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net