I've got "The Book of PF" on order.
Meanwhile I will continue to fumble through on my own.


I work at a boarding school.

Free-time Internet access is a carrot we use to encourage academic performance. Most free-time use is Java games and social networking sites.

I am trying to set up a system to allow internet usage on a per person basis. I work in a school, and the kids aren't terribly shy about loaning/borrowing accounts.

(I've already set up my Windows boxes so that if the same user is detected logged in on more than one machine, then BOTH machines reboot. Sometimes it's because a kid forgot to log off. Sometimes it's because he logged in for someone else.)


I want to change the system from one where computer access is allowed/denied (script working on smbpasswd file) to one where internet access is allowed/denied through pfauth.

The firewall box also runs squid in transparent mode. Almost all of the internet access is for the web. I want to use pfauth instead of squid's authentication for several reasons.

1. To use squid's authorization I have to make squid non-transparent.
2. I have a prototype authentication scheme that will work with ssh/pfauth, but that is beyond me for squid integration. (Notion is to build up a set of questions/answers that only the user will know. In essence a bunch of questions for each user on the line of "what is the middle name of the first girl you had a crush on?" with them having considerable leeway in which questions they want in their personal security database.)
3. I want to regulate the non-squid access too.

How do I set up pfauth to authenticate both squid and network traffic?

How do I set up tallying by user so that I can get an idea of who's spending too much time on Facebook?
