Hello, I know with squid_kerb_ldap you can list multiple groups using a colon - group1:group2. However when i try to define http access rules for specific groups I can't seem to get the acl right. At this point in time I have separate external acls for each group to make this work (see below). My question is - is there a better way to do this without so many external acls defined? Thanks external_acl_type kerbldapwebstaff ttl=3600 %LOGIN /usr/local/bin/squid_kerb_ldap -i -d -g webstaff@xxxxxxxxxxxxxxx external_acl_type kerbldapweballow ttl=3600 %LOGIN /usr/local/bin/squid_kerb_ldap -i -d -g weballow@xxxxxxxxxxxxxxx external_acl_type kerbldapwebdeny ttl=3600 %LOGIN /usr/local/bin/squid_kerb_ldap -i -d -g webdeny@xxxxxxxxxxxxxxx acl kerb_group_webstaff external kerbldapwebstaff acl kerb_group_weballow external kerbldapweballow acl kerb_group_webdeny external kerbldapwebdeny http_access allow kerb_group_webstaff http_access allow kerb_group_weballow http_access allow kerb_group_webdeny -- Roy Anciso Director of Technology Manistee Intermediate School District 772 East Parkdale Avenue Manistee, MI 49660 Ph: 231-723-4264 Fx: 231-398-3036 roy@xxxxxxxxxxxx