On 23/11/2012 7:09 a.m., Warren Baker wrote:
On Thu, Nov 22, 2012 at 3:57 PM, Warren Baker <warren@xxxxxxxxxxx> wrote:
I have squid-3.2.3 configured to make use of negotiate, and to
authenticate certain users. However the following config doesn't work:

acl userA proxy_auth warren
acl userB proxy_auth testb
http_access allow userA
http_access allow userB
http_access deny all

userA successfully authenticates and can browse. userB however
obviously doesn't match userA acl and just gets presented with the
cache denied page.
Debugging the acl shows that it never moves past the userA acl and
doesn't continue onto authenticating the 'testb' user.
I am guessing it is because testb user's browser fails with the
challenge on userA http_access test and thus it gets failed
completely. Is there a way around this?
You are guessing right. As is documented in the wiki ... (seems to be
down right now).
The way around it is to combine userA and userB into one ACL, or to
check auth and use the "all"-hack to prevent auth challenges on username
mismatch.

1)
acl users proxy_auth userA userB
http_access allow users
http_access deny all

2)
acl login proxy_auth REQUIRED
acl userA proxy_auth userA
acl userB proxy_auth userB
http_access deny !login
http_access allow userA all
http_access allow userB all
http_access deny all

Amos