Re: FW: [squid-users] Squid NTLM acl

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 5 Jun 2002 21:09:32 +0200

Segree, Gareth wrote:
> I have the following in my squid.conf
> authenticate_program /usr/bin/smb_auth -W DOM1 -U PDC1
> acl domainusers proxy_auth REQUIRED
> http_access allow domainusers
>
> will ACL restrictuser proxy_auth "userlist.txt" conflict with
> acl domainusers proxy_auth REQUIRED

No.

The effect depends on how you make use of the acl's in http_access, just as
any other ACL type.

REQUIRED is just a magic username matching all users. Same thing as explicitly
listing all your usernames.

The only magic difference of the proxy_auth ACL compared to the other ACL
types is that if the usercredentials isn't valid when a proxy_auth ACL is
processed in http_access then the request will denied with "Login required
(407)". This is regardless of which users the ACL is defined to match or type
of http_access rule.

Ah, well, there is another small magic difference.. if the request was denied
with a proxy_auth ACL as the last acl type matched then the request will also
be dened with "Login required (407)", not "Access denied (403)"..

Regards
Henrik
Received on Wed Jun 05 2002 - 13:09:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:28 MST