ADELINE E InfoRstTel wrote:
>
> Since I added an "user acl" in my squid;conf, ident lookups are made by Squid
> despite the "ident_lookup off".
> (I use proxy authentication).
>
> Is it a feature? And if it is, how to disable ident lookups (without patching
> the code)?
Quote from the config file:
// acl aclname user username ... # string match on ident output.
// # use REQUIRED to accept any
// # non-null ident.
(Someone will correct me if I'm wrong here)
I don't believe squid has any way of determining what the user name
associated with a connection is without using ident. That's what ident
is for: To find out what username is on the other end of a socket.
Therefore, it seems to me, that if you put in an 'acl ____ user _____'
without ident running, the acl would never pass unless squid turned
ident lookups on.
As it is (I just did a UTSL - does nobody read source-code anymore?),
yes:
case ACL_USER:
Config.identLookup = 1;
If you use the user acl, you get ident lookups automagically. Since you
have to have them for user acls to work, I guess you call it a feature.
D
Received on Mon Mar 09 1998 - 09:00:09 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:12 MST