<HTML
><HEAD
><TITLE
>What is needed</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Authentication Gateway HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="intro.html"><LINK
REL="NEXT"
TITLE="Setting up the Gateway Services"
HREF="setup.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Authentication Gateway HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="intro.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="setup.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="SERVICES"
></A
>2. What is needed</H1
><P
>  This section describes what is needed for the authentication gateway.
  </P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="NETFILTER"
></A
>2.1. Netfilter</H2
><P
>   The authentication gateway uses Netfilter and iptables to manage the 
   firewall. Please see the 
   <A
HREF="http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html"
TARGET="_top"
>   Netfilter HOWTO
   </A
>.
   </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DYNAMICNETFILTERRULES"
></A
>2.2. Software for dynamic Netfilter rules</H2
><P
>   
   One means to insert and remove Netfilter rules is to use
   pam_iptables.  This is a pluggable authentication module (PAM)
   written by Nathan Zorn that can be found at 
   <A
HREF="http://www.itlab.musc.edu/~nathan/pam_iptables/"
TARGET="_top"
>   http://www.itlab.musc.edu/~nathan/pam_iptables
   </A
>.
   This PAM module allows users to use ssh and telnet to authenticate
   to the gateway.
   
   </P
><P
>   
   Another means to dynamically remove and create Netfilter rules is
   to use NocatAuth.  NocatAuth can be found at 
   <A
HREF="http://nocat.net"
TARGET="_top"
>   http://nocat.net
   </A
>.  
   NocatAuth provides a web client for authenticating to the gateway.
   
   </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DHCPD"
></A
>2.3. DHCP Server</H2
><P
>    The authentication gateway will act as the dynamic host
    configuration protocol (DHCP) server for the public network. It
    only serves those requesting DHCP services on the public
    network. I used the 
    <A
HREF="http://www.isc.org/products/DHCP/"
TARGET="_top"
>    ISC DHCP Server 
    </A
>.
  
   </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AUTHENTICATION"
></A
>2.4. Authentication mechanism</H2
><P
>    
    The gateway can use any means of PAM authentication.  The
    authentication mechanism the Medical University of South Carolina
    uses is LDAP. Since LDAP was used for authentication, the PAM
    modules on the gateway box were set up to use LDAP. More
    information can be found at 
    <A
HREF="http://www.padl.com/pam_ldap.html"
TARGET="_top"
>    http://www.padl.com/pam_ldap.html
    </A
>.
    PAM allows you to use many means of authentication. Please see the
    documentation for the PAM module you would like to use. For more
    information on other methods, see 
    <A
HREF="http://www.kernel.org/pub/linux/libs/pam/modules.html"
TARGET="_top"
>    PAM modules
    </A
>.
    
    </P
><P
>    
    If NocatAuth is used, an authentication service needs to be set up.
    The NocatAuth authentication service supports authentication with
    LDAP, RADIUS, MySQL, and a password file.  More information can be
    found at 
    <A
HREF="http://nocat.net/download/NoCatAuth/"
TARGET="_top"
>    http://nocat.net/download/NoCatAuth/
    </A
>.
    
    </P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="DNSSERVER"
></A
>2.5. DNS Server</H2
><P
>    
    The gateway box also serves as a DNS server for the public
    network. I installed <A
HREF="http://www.isc.org/products/BIND/"
TARGET="_top"
>BIND</A
>, and set it
    up as a caching nameserver. The rpm package caching-nameserver was
    also used. This package came with Red Hat.
    
    </P
></DIV
></DIV
></BODY
></HTML
>