Search squid archive

Re: Kerberos authentication that doesn't block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 30/08/2013 4:32 a.m., Trever L. Adams wrote:
Hello everyone,

I am having a difficult time. I am not just trying to do something
similar to
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but
without blocking most sites for unauthenticated users.

It is a key property of secure authentication such as Kerberos that no client *starts* by shotgunning their credentials to unknown recipients.

The sites I need to block except for certain groups / authentication,
etc., are not known at http_access time, only at http_reply_access time.

Because of this, I am not sure how to trigger the negotiate process and
not block authenticated users. The below does not work. I am not sure
why it doesn't, but it does block on access control / authentication for
all web sites, not just the category blocked (yes, I left the deny on
http_reply_access out below, but it exists).

How are you defining "blocking"?

And how do you expect authentication to be performed without credentials to verify?

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux