On Mon, 1 Mar 2010 07:46:47 -0800 (PST), nickcx
<ncairncross_at_condenast.co.uk> wrote:
> Hi All,
>
> I am working on Delay Pools at the moment and wanted to get some advice.
> Currently, I am using Kerberos Authentication for all users in a very
> simple
> configuration. All users are required to authenticate for http_access,
> which
> works fine. I would now like to limit their bandwidth but with different
> limits for sets of users. To make things easy this question has just one
> 'special' group, but I would like more than that (eg 1mb, 2mb, 4mb, 8mb)
>
> Scenario: All usernames (e.g. jsmith jbloggs) in the file
> BANDWIDTH_8MEG.txt
> get 8mb dl speed and everyone else get 1mb.
>
> I have tried the following but to no avail (shortened..):
>
> ## DELAY POOLS
> delay_pools 2
>
> ## USER AUTHENTICATION ACLs
> acl users proxy_auth REQUIRED
> acl 8MEG ident_regex "/etc/squid/ACL/BANDWIDTH_8MEG.txt"
> ..
> ..
> http_access allow users
> ..
> ..
> delay_parameters 1 -1/-1 -1/-1 -1/-1 8000000/8000000
> delay_parameters 2 -1/-1 -1/-1 -1/-1 1000000/1000000
> delay_access 1 allow 8MEG
> delay_access 2 allow users
>
> Could anyone point me in the right direction? I've tried delay_access 2
> users !8MEG but still no luck... Am I approaching this the wrong way
> entirely?
>
> As an aside, is it possible to pull group membership during a Kerberos
> authentication request..? I could then apply the above to groups... but
> that's another Nabble question...
"ident" does not use any details from authentication. It's a separate
protocol with its own lookups.
Sounds to me like what you want are these changes to the above mentioned
lines:
acl 8MEG proxy_auth "/etc/squid/ACL/BANDWIDTH_8MEG.txt"
...
delay_access 2 allow !8MEG
Amos
Received on Mon Mar 01 2010 - 22:52:57 MST
This archive was generated by hypermail 2.2.0 : Tue Mar 02 2010 - 12:00:02 MST