Is it possible to block ports by user name?

[noober]

Hi all. I am interested in blocking ODBC access by user name and I was wondering if its possible to do this with a network port setting? Can you deny ports by user name?
-thanks

 

[unixfreak]

No. Usernames is not a part of the tcp/ip protocol.

Cheers

 

[noober]

Anyone have any other suggestions for preventing specific users from connecting to an AIX box using ODBC?

I would like to do this at the OS level because the database I am using does not allow for this kind of granular control.

 

[jwtesch]

In AIX 5.2, there is something called DACinet that stands for 'Discresionary Access Controlled Inet'. It allows you to set ACL's for network services between two AIX 5.2 systems. Beware, once this is turned on, you can't turn it off.

See:

http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/security/tcpip_security.htm

 

[noober]

The odbc connections I am concerned with are internal/LAN based. My goal is to prevent folks from using a query tool or MS Access to work around application based security that sits in front of a database.