On Mon, 1 Nov 2004, Glenn Baptista wrote:
> I realise that user authentication in squid is done via an external
> authentication program (e.g. NCSA module) with the appropriate password file.
> Administratively it is preferable to write Authentication ACLs using Groups
> rather than User Names. Hence grouping ACLs are defined that enumerate users
> within a group. Each time a new user is added, besides the passwd file, even
> the squid.conf file has to be modified to add the user to the required group
> ACL.
Actually most prefers if the proxy connects to the user directory you have
(LDAP / MSAD / Novell NDS / NIS / whatever..)
> Instead of each time modifying the squid.conf file, is it possible to utilise
> another file (e.g. group.conf) where we may define ACLs that assign users to
> groups, while maintaining the squid.conf file constant, and including the
> group.conf into squid.conf using some sort of an include statement?
Yes, as is documented in the acl directive
acl aclname type "/path/to/file"
> Also is it possible to add the user group(s) directly to the
> /squid/etc/passwd file that is used by the NCSA module or is there some other
> authentication module that takes care of user groups?
ncsa_auth only takes care of authenitcation, not authorization.
Regards
Henrik
Received on Mon Nov 01 2004 - 14:08:17 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST