[squid-users] Kerberos authentication that doesn't block

From: Trever L. Adams <trever.adams_at_gmail.com>
Date: Thu, 29 Aug 2013 10:32:58 -0600

Hello everyone,

I am having a difficult time. I am not just trying to do something
similar to
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but
without blocking most sites for unauthenticated users.

The sites I need to block except for certain groups / authentication,
etc., are not known at http_access time, only at http_reply_access time.

Because of this, I am not sure how to trigger the negotiate process and
not block authenticated users. The below does not work. I am not sure
why it doesn't, but it does block on access control / authentication for
all web sites, not just the category blocked (yes, I left the deny on
http_reply_access out below, but it exists).

auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on

acl authenticated_users proxy_auth

http_access allow !authenticated_users all
http_access allow authenticated_users all

http_reply_access allow TextConfidenceSolid SOME_ACL authenticated_users
http_reply_access allow TextConfidenceSolid ANOTHER_ACL authenticated_users

I would greatly appreciate any help in figuring this out.

Thank you,
Trever

Received on Thu Aug 29 2013 - 16:33:16 MDT
