[EMAIL PROTECTED] wrote:
>Both of these products are included on the 3rd party Server Applications
>disk included in the RH 6.2 distribution. Reviews on the net are sparse.
>I will appreciate any comments/recommendations regarding them.
We are looking at using I-Gear here where I work as a replacement for
Squid. We ran the trial version for 30 days and results were pretty
good. It has some nice reporting capabilities and although some of the
web-based configuration is not intuitive at first, it also has some nice
features. Here's a few questions/concerns I had and I-Gear's answers to them:
>1) When working with client objects (most notably when adding them) I can
>type in a host name but I-Gear resolves it to the IP address. It would be
>nice to have the option to display either the IP address or just the
>hostname without the domain name appended.
I will add this request to the list of RFEs (Request for Enhancements). It
might have to be and optional setting somehow though since larger
organizations would have to make sure that DNS was set to do reverse
mapping for all their client computers.
>2) Administration. I'm always concerned when usernames/passwords are
>transmitted in cleartext. While it doesn't bother me too much for virtual
>I-Gear users, it does bother me that the virtadmin (and anyone else who
>has admin rights) are sent in the same fashion. Are their any plans to
process
>the authentication using SSL? If not, what about having the admin portion
>listen on a different port than the "regular" cache process? This would
>allow me to firewall off the admin port with ipchains and only allow access
>from a few specific IP addresses. Barring that, how about making the admin
>login available only from specific IP addresses, similar to what you can do
>with the Apache web server?
We plan to add support for a secured Administrative Interface and user log
on in a release later this summer. We are actually in discussion now about
possibly including support in the June 30 release but it is doubtful at
this point. We will provide the secure interface using SSL.
>3) Is it possible to run I-Gear as a non-root user? It doesn't appear to
>need access to anything as root, so how about having the option of creating
>a "regular" (say igear) Linux user & group account and running the igear
>processes as that user? I realize this would necessitate changing the
>owner, group and permissions on the I-Gear files & directories, but I
>think this would enhance the security of the software.
We need access to root to support system users. However, there are some
very good points made above and I have already shared them with the
development staff. We could make some changes certainly.
>4) Some of your competitors products have the ability to set daily time
>limits on Internet usage - do you have any plans to include this in a
>future release? I realize you can set daily & specific events - this would
>be more like creating an event that allows Internet access between 8:00am
>and 4:00pm for everyone and configuring additional clients/users/casts for
>3 hours of access maximum. Does this make sense?
It makes very good sense and has been a request that is long overdue in the
software. It would have been in there if it weren't for the integration of
Norton Anti-Virus and Mobile Code currently undergoing internal beta
testing. This should be in the following release as well (Hopefully in
September!).
>5) I-Gear doesn't seem to use the "search" option in
>/etc/resolv.conf. That is, if /etc/resolv.conf on my server looks like so:
>
>search ci.westminster.co.us westminster.lib.co.us
>nameserver 198.243.2.200
>nameserver 198.243.1.97
>
>and I type "intranet" into the URL field of my web browser, I-Gear comes
>back with an error message saying it was unable to resolve the hostname.
>I must always type the full host/domain
>name: "intranet.ci.westminster.co.us" or
>"intranet.westminster.lib.co.us. It's not a major problem, but it would
>be nice if I-Gear was aware of the search option.
We had a look at the code and "search" is in there and should work. You
might try to use "Domain" for now while we have a close look.
>6) While trying to administer I-Gear over a dial-up PPP connection, I kept
>getting "TCP connection reset by peer" error messages while trying to edit
>some of the scheduled events. When I logged into virtadmin again the
>changes had been lost. Any idea what's causing this?
We've not seen this before. In fact, I administer a demo server regurlarly
over a dial-up PPP connection. The demo server is a Red Hat box. You do
have to finish all the way through to the end of the screens under "Set
Defaults" or "Edit/View and Existing Event" in order to the changes to
complete. We can take a further look here too.
---end of Q&A session---
Two reasons we're considering using it here are (1) blocking access to
webmail & chat rooms and (2) the easy to use reporting capabilities. We're
already blocking access to some webmail/chat sites with Squid, but I don't
have time to try to keep the lists up to date. If I can pay a vendor to do
so for me, I'd prefer to go that way.
Hopefully we'll have a decision about using it here within the next
month. If we do decide to use it and you want further impressions, let me
know and I'll do another write up.
-Eric
Eric Sisler
Library Computer Technician
Westminster Public Library
Westminster, CO, USA
[EMAIL PROTECTED]
Linux - don't fear the Penguin.
Want to know what we use Linux for?
Visit http://gromit.westminster.lib.co.us/linux
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
