On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo <hackensolo@xxxxxxxxx> wrote:
### http_access ruleshttp_access allow manager localhosthttp_access allow authhttp_access deny !authhttp_access allow kerbusershttp_access allow localnethttp_access deny managerhttp_access deny all
Since the rules are "first match", once you have "allow auth", squid is done. it will not look at the group membership (under "kerbusers").
you should look at the acl type "all-of" and "any-of" to build your logic:
acl authn_authz all-of auth kerbusers
might be helpful and would make your config slightly easier to read...
With that in mind, reconsider how you organize the rules...
Jok
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
