On Mon, 1 Mar 2010 07:46:47 -0800 (PST), nickcx <ncairncross@xxxxxxxxxxxxxxx> wrote: > Hi All, > > I am working on Delay Pools at the moment and wanted to get some advice. > Currently, I am using Kerberos Authentication for all users in a very > simple > configuration. All users are required to authenticate for http_access, > which > works fine. I would now like to limit their bandwidth but with different > limits for sets of users. To make things easy this question has just one > 'special' group, but I would like more than that (eg 1mb, 2mb, 4mb, 8mb) > > Scenario: All usernames (e.g. jsmith jbloggs) in the file > BANDWIDTH_8MEG.txt > get 8mb dl speed and everyone else get 1mb. > > I have tried the following but to no avail (shortened..): > > ## DELAY POOLS > delay_pools 2 > > ## USER AUTHENTICATION ACLs > acl users proxy_auth REQUIRED > acl 8MEG ident_regex "/etc/squid/ACL/BANDWIDTH_8MEG.txt" > .. > .. > http_access allow users > .. > .. > delay_parameters 1 -1/-1 -1/-1 -1/-1 8000000/8000000 > delay_parameters 2 -1/-1 -1/-1 -1/-1 1000000/1000000 > delay_access 1 allow 8MEG > delay_access 2 allow users > > Could anyone point me in the right direction? I've tried delay_access 2 > users !8MEG but still no luck... Am I approaching this the wrong way > entirely? > > As an aside, is it possible to pull group membership during a Kerberos > authentication request..? I could then apply the above to groups... but > that's another Nabble question... "ident" does not use any details from authentication. It's a separate protocol with its own lookups. Sounds to me like what you want are these changes to the above mentioned lines: acl 8MEG proxy_auth "/etc/squid/ACL/BANDWIDTH_8MEG.txt" ... delay_access 2 allow !8MEG Amos
