[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Chris Riddoch chrisr@digeo.com
Thu, 20 Apr 2006 08:50:14 -0700 (PDT)
On the topic of security, I need the opposite. This should be an easy
one for someone...
access * {
admin user;
trusted 172.50.*.*/16;
}
That doesn't do what I want, which is to let any user, for example,
inside 172.50.*.* connect, but nobody should have to care about logging
in as any particular user unless they want to have administrative
privileges in conserver. We have a firewall to take care of the rest.
I wind up having to specify -at on the command line of conserver,
because otherwise I'm denied access because it thinks I'm coming from a
disallowed host. For one, I thought the default access rule was (unless
otherwise specified) 'allowed', but more importantly... everything here
is on that non-routable network.
Then there's the little fact that I get parse errors when I try to
specify a line like "defaultaccess trusted;" in my default * {} block.
I'd rather not have to use command-line options to accomplish this, but
it works for the short term.
What gives?
--
Chris Riddoch
epistemological humility