Dave wrote:
----- Original Message ----- From: "Chris Robertson" <crobertson@xxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 10, 2006 4:58 PM
Subject: Re: per-user authentication and settings (Squid
or dg)?
Dave wrote:
Hello,
I apologize for the cross post, but i'm not sure which product,
squid with proxy and authentication, or dansguardian, with user
groups, would be best to assist with the issue i'm about to be faced
with.
I've got a transparent squid proxy set up with filtering and it
is working quite nicely. Now i have need to have user authentication
and individual user restrictions. For example, and i'll try to keep
this as close to my situation as possible, user1 has no
restrictions, can go anywhere. User2 only wants to go to yahoo
sites, specifically instant message, mail, and yahoo music. User3 is
allowed to play online games and i've got a site list of sites for
them. User4 has been bad and has not done his homework, as a result
i don't want him to have access to games, messaging, or any other
content save another list of sites i approve. My thinking is to
assign each of these users a username and an md5 password for digest
authentication, yet i don't want to install apache for access to
htdigest to pull that off. I've thought about ntlm, but that seems
overkill for this situation, more than likely these user
requirements will be varied. I'm also not sure if this is something
dg would be best at or squid at the proxy level.
Thanks.
Dave.
Which ever direction you choose, you'll have to remove the
interception (also called transparent) nature of the proxy.
http://www.swelltech.com/support/procyonguide/ch08.html
Chris
Hi,
Thanks, i was hoping not to have to do that. Do you have a similar setup?
Thanks.
Dave.
Well... Similar in that I use authentication, don't use transparency,
don't use DansGuardian, and disallow some of my users to access the net
(vs. having some users with full access and others with different
limited access). :o) If a specific site is blocked for someone, it's
blocked for all (including, obviously those that can't surf in the first
place).
For whatever it's worth, this is not due to a Squid limitation, but in
the interest of keeping the interface that my customers use as simple as
possible.
Chris