Hello everyone,
I am having a difficult time. I am not just trying to do something
similar to
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but
without blocking most sites for unauthenticated users.
The sites I need to block except for certain groups / authentication,
etc., are not known at http_access time, only at http_reply_access time.
Because of this, I am not sure how to trigger the negotiate process and
not block authenticated users. The below does not work. I am not sure
why it doesn't, but it does block on access control / authentication for
all web sites, not just the category blocked (yes, I left the deny on
http_reply_access out below, but it exists).
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl authenticated_users proxy_auth
http_access allow !authenticated_users all
http_access allow authenticated_users all
http_reply_access allow TextConfidenceSolid SOME_ACL authenticated_users
http_reply_access allow TextConfidenceSolid ANOTHER_ACL authenticated_users
I would greatly appreciate any help in figuring this out.
Thank you,
Trever
This archive was generated by hypermail 2.2.0 : Fri Aug 30 2013 - 12:00:16 MDT