On 23/11/2012 7:09 a.m., Warren Baker wrote:
> On Thu, Nov 22, 2012 at 3:57 PM, Warren Baker <warren_at_decoy.co.za> wrote:
>> I have squid-3.2.3 configured to make use of negotiate, and to
>> authenticate certain users. However the following config doesn't work
>>
>> acl userA proxy_auth warren
>> acl userB proxy_auth testb
>>
>> http_access allow userA
>> http_access allow userB
>> http_access deny all
>>
>> userA successfully authenticates and can browse. userB however
>> obviously doesn't match userA acl and just gets presented with the
>> cache denied page.
>> Debugging the acl shows that it never moves passed the userA acl and
>> doesn't continue onto authenticating the 'testb' user.
>
> I am guessing it is because testb user's browser fails with the
> challenge on userA http_access test and thus it gets failed
> completely. Is there a way around this?
You are guessing right. As it documented in the wiki ... (seems to be
down right now).
The way around it is to combine userA and userB into one ACL, or to
check auth and use the "all"-hack to prevent auth challenges on username
mismatch.
1)
acl users proxy_auth userA userB
http_access allow users
http_access deny all
2)
acl login proxy_auth REQUIRED
acl userA proxy_auth userA
acl userB proxy_auth userB
http_access deny !login
http_access allow userA all
http_access allow userB all
http_access deny all
Amos
Received on Fri Nov 23 2012 - 10:06:07 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 23 2012 - 12:00:05 MST