one way would be be to first redirect all outgoing traffic via iptables to a webserver with an auth-cgi. after authentication new iptables/tc rules are inserted for the current user-ip. i don't know if there is already such a script, but i think it would be no big problem. perhaps the pam_iptables is also possible with pam_auth in squid...
buz On Die, 2003-06-10 at 19:53, Stefan Neufeind wrote: > But what if you need an "open" system? Not loggin into domain but > loggin in via webinterface? E.g. when they try to surf the net they > get redirected to "authenticate here first". > > On 10 Jun 2003 at 9:06, Bastian Winkler wrote: > > > perhaps the following could fit your needs: > > http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/ > > personally i use pam_iptables in combination with a samba PDC to > > control network access with iptables+htb for windoze-clients on domain > > logon. its a nice way to control some special kaazaa users whatever > > machine they use ;-) > > > > buz > > > > On Mon, 2003-06-09 at 22:36, Alex (LEX) Borges wrote: > > > I know this is doable by hand, but im wondering if anyone knows of a > > > cool set of scripts or something for visitor based netoworking > > > (something like dhcp+cbq+iptables to control whos accesing what and > > > to allow acces to a network where you should on a time basis...etc. > > > Think hotels with eth access or airports with wifi) >
