On 30/08/2013 4:32 a.m., Trever L. Adams wrote:
Hello everyone,
I am having a difficult time. I am not just trying to do something
similar to
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but
without blocking most sites for unauthenticated users.
It is a key property of secure authentication such as Kerberos that no
client *starts* by shotgunning their credentials to unknown recipients.
The sites I need to block except for certain groups / authentication,
etc., are not known at http_access time, only at http_reply_access time.
Because of this, I am not sure how to trigger the negotiate process and
not block authenticated users. The below does not work. I am not sure
why it doesn't, but it does block on access control / authentication for
all web sites, not just the category blocked (yes, I left the deny on
http_reply_access out below, but it exists).
How are you defining "blocking"?
And how do you expect authentication to be performed without credentials
to verify?
Amos
