[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Disabling authentication

Chris Riddoch chrisr@digeo.com
Thu, 20 Apr 2006 08:50:14 -0700 (PDT)

On the topic of security, I need the opposite.  This should be an easy
one for someone...

access * {
  admin user;
  trusted 172.50.*.*/16;

That doesn't do what I want, which is to let any user, for example,
inside 172.50.*.* connect, but nobody should have to care about logging
in as any particular user unless they want to have administrative
privileges in conserver.  We have a firewall to take care of the rest.

I wind up having to specify -at on the command line of conserver,
because otherwise I'm denied access because it thinks I'm coming from a
disallowed host.  For one, I thought the default access rule was (unless
otherwise specified) 'allowed', but more importantly... everything here
is on that non-routable network.

Then there's the little fact that I get parse errors when I try to
specify a line like "defaultaccess trusted;" in my default * {} block.

I'd rather not have to use command-line options to accomplish this, but
it works for the short term.

What gives?

     Chris Riddoch
epistemological humility