[squid-users] RE: SquidGuard & NT Groups

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 06 Mar 2003 12:15:52 +0100

Squid only knows that the user matched you http_access rules, not that
one of the acls used happens to be a user group.

The mechanism used in Squid for group membership verifications is a
generic acl lookup mechanism via external helpers, not at all restricted
to group memberships. A example of another use included in the Squid
distribution is an acl which restricts each user to only his IP address
by having a text file listing usernames and their allowed IP address,
but it can also be used for implementing Cookie based authentication in
http accelerators and many other things which probably no-one has
thought of yet. Kind of a swiss army knife in Squid access controls..

Regards
Henrik

tor 2003-03-06 klockan 11.20 skrev Jay Turner:
> Not even via wb_group somehow?
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Thursday, 6 March 2003 3:38 PM
> To: jturner@bsis.com.au; Phil Crooker
> Cc: squidguard@squidguard.org
> Subject: Re: SquidGuard & NT Groups
>
>
> On Thursday 06 March 2003 01.42, Jay Turner wrote:
>
> > Is there no way squid could be modified to pass group information
> > through to the redirector?
>
> Not easily. Squid does not actually know the group.
>
> What could work is to have Squid tag the request if it matches a
> certain http_access rule, and have this tag sent to redirectors.
>
> Regards
> Henrik
>

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Thu Mar 06 2003 - 04:16:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:57 MST