[KLUG Members] Squid and ntlm_auth
Adam Tauno Williams
awilliam at whitemice.org
Wed Sep 7 07:12:25 EDT 2005
Quoting Komal <agencies_ad1 at sancharnet.in>:
>
>
>
>> Squid is the mechanism that is performing the user authentication,
>> through the method of either NTLM or BASIC. What ds (directory service)
>> does your Squid setup check with to identify users?
>>
>> I don't think that you have the option of using a specific ACL when NTLM
>> is used as the authentication protocol, and yet a different ACL when
>> BASIC is used as the authentication protocol. I assume that you wish to
>> check a specific ACL depending on the authentication protocol that is
>> negotiated?
>
> NO.
>
> Once there user is authenticated then I want to use user name with ACL. For
> example if user Komal is authenticated than I want user Komal to view only
> certain website irrespective of from which computer Komal is accessing
> caching server. I know with ip address it is damn easy but how to achieve
> same with user name.
ACLs evaluate to a boolean value (true or false). placing multiple acls after
an http_access clause causes the ACLs to be evaluated and then an AND
operation
is performed.
http_access allow rule1 rule2 rule3
- for instance, all rules must evaluate to true for the access to be allowed.
From the examples in the documentation...
(2) To restrict access to work hours (9am - 5pm, Monday to Friday) from IP
192.168.2/24
acl ip_acl src 192.168.2.0/24
acl time_acl time M T W H F 9:00-17:00
http_access allow ip_acl time_acl
http_access deny all
Just substitute your user matching rule in there.
--
Adam Tauno Williams - http://www.whitemice.org
More information about the Members
mailing list