Search squid archive

Re: Authentication/Authorization Challenge

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 06 Jul 2011 15:42:18 +0200, Robert Velter wrote:
Hi Amos,

thanks for your clarification and the link. So i try now the following:

1) Add a working basic auth to auth_param (probably ldap_auth).
2) Modify the access list from
      http_access allow ldapgroup-access
      http_access deny all
   to
      http_access deny !ldapgroup-access
      http_access allow all


Its not clear from your original post if you need the group checking on Basic auth'ed users. You might want something like this to require *a* login, but not block basic auth user with the group-check:


  acl authed proxy_auth REQUIRED
  acl authBasic req_header Proxy-Authenticate ^Basic

# if NOT logged in as basic do the group check. re-auth if that fails.
  http_access deny !authBasic !ldapgroup-access

# only gets here if (a) auth via Basic, or (b) auth via NTLM/Negotiate with group checked OK.
  http_access allow authed

  # for config clarity. Should not actually be reachable.
  http_access deny all


Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux