French, David wrote:
> Thanks. I found ipfauth and I am looking at it now. I also found
> userauth.c in the source samples directory.
>
> One last question, I don't see anything that may specify what process
> and/or user a packet is associated with. Is this information any place
> I could reference? If not, is there any chance it may be added at some
> point?
>
> What I am trying to do here is set up an authentication daemon to
> allow/deny outgoing connections based on the user who initiated the
> packet. It will check a configuration file/db to see what protocols,
> networks, etc. a user can send packets to.
>
That information isn't always available, so it isn't part of what IPFilter
makes available or uses.
However, because you're using a daemon to do this, there's no reason
why the daemon can't use tricks similar to [p]identd or lsof to find the
owner of the packet...so long as it is TCP/UDP.
Darren
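
An added example, not part of the original thread and not IPFilter code: one way an auth daemon could do the identd/lsof-style lookup for a TCP packet, by matching the packet's 4-tuple against a socket table that records the owning UID. It assumes the Linux /proc/net/tcp text layout; the function name `socket_owner_uid` and the sample table are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the Linux /proc/net/tcp layout, as printed on a
 * little-endian host (assumption: IPv4 only; UDP uses /proc/net/udp). */
static const char SAMPLE_TABLE[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111\n"
"   1: 0A00000A:C350 0101A8C0:0050 02 00000001:00000000 01:00000064 00000000  1001        0 22222\n"
"   2: 0A00000A:C351 0101A8C0:0016 01 00000000:00000000 00:00000000 00000000  1002        0 33333\n";

/* Hypothetical helper: return the UID owning the socket that matches the
 * packet's 4-tuple, or -1 when no local socket matches (forwarded traffic,
 * raw sockets, or a socket that has already closed). */
long socket_owner_uid(const char *table, const char *lip, unsigned lport,
                      const char *rip, unsigned rport)
{
    struct in_addr la, ra;
    if (inet_pton(AF_INET, lip, &la) != 1 || inet_pton(AF_INET, rip, &ra) != 1)
        return -1;

    const char *line = strchr(table, '\n');          /* skip the header row */
    while (line && *++line) {
        unsigned tl, tlp, tr, trp;
        long uid;
        /* sl: local:port remote:port st tx:rx tr:when retrnsmt uid ... */
        if (sscanf(line, " %*d: %8X:%4X %8X:%4X %*X %*s %*s %*s %ld",
                   &tl, &tlp, &tr, &trp, &uid) == 5 &&
            tl == la.s_addr && tlp == lport &&
            tr == ra.s_addr && trp == rport)
            return uid;
        line = strchr(line, '\n');
    }
    return -1;
}

int main(void)
{
    /* Outgoing SYN awaiting a decision: 10.0.0.10:50000 -> 192.168.1.1:80 */
    printf("uid=%ld\n", socket_owner_uid(SAMPLE_TABLE, "10.0.0.10", 50000,
                                         "192.168.1.1", 80));
    return 0;
}
```

A return of -1 is the "information isn't always available" case, so the daemon's policy needs an explicit default for packets with no identifiable owner.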