TCP connections restricted to specific users

Florian Weimer fweimer at redhat.com
Wed Apr 16 08:17:55 UTC 2014


Suppose I have a cluster of machines, running an application.  The 
application opens up TCP connections to other machines, without any form 
of authentication.

If nothing else is running on these machines, it is possible to use 
iptables, perhaps in combination with IPsec, to prevent misuse of these 
services.

If there are other services running on the cluster nodes which are supposed 
to have different privileges, what are my options to preserve this 
distinction in privileges?  If those other services can connect to the 
TCP port used by the clustered application, it's possible that the 
(supposedly unprivileged) service takes over the cluster.  Would 
iptables owner match work here?  Is there some way to pass on user 
information with IPsec?

-- 
Florian Weimer / Red Hat Product Security Team
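
The owner match asked about above, as an added example that is not part of the original post: a script that emits iptables-restore rules letting only one local account open connections to the cluster port. Port 7800 and the account name clusterapp are constructed placeholders.

```shell
#!/bin/sh
# Added illustration; port 7800 and account "clusterapp" are constructed
# placeholders, not values from the original post.

# Emit filter-table rules in iptables-restore syntax that allow only one local
# account to open TCP connections to the cluster port.
# The owner match is only valid in OUTPUT/POSTROUTING, because only locally
# generated packets have an owning socket. The rules therefore act on the
# sending host and must be loaded on every cluster node.
owner_rules() {
    port=$1
    user=$2
    # Validate inputs before interpolating them into a ruleset.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
-A OUTPUT -p tcp --dport $port --syn -m owner --uid-owner $user -j ACCEPT
-A OUTPUT -p tcp --dport $port --syn -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Print the ruleset; review it, then load with: iptables-restore --noflush
# IPv6 is filtered separately: load the same rules with ip6tables-restore.
owner_rules 7800 clusterapp
```

The receiving node cannot see the remote UID, so this only helps when every peer that can reach the port enforces the same rules and root on those peers is trusted; connections to the port over loopback also pass through OUTPUT and are covered.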

