Re: [squid-users] Authentication Prompts

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 10 Sep 2011 02:31:33 +1200

On 10/09/11 01:52, Jenny Lee wrote:
>
>> Date: Fri, 9 Sep 2011 12:50:24 +1200
>> From: squid3_at_treenet.co.nz
>> To: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] Authentication Prompts
>>
>> On 09/09/11 06:28, Matt Cochran wrote:
>>> I've been trying to model two different kinds of users in ACLs, where the kids are authenticated by one account, and the adults another. The kids are allowed to go only to a whitelist of websites, but I'd like the adults to be able to override this behavior for a while if they enter their credentials. I was also trying to wire this into a db-auth environment so I can alter the accounts from my desktop.
>>>
>>> Following the guide at http://wiki.squid-cache.org/Features/Authentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F, I can keep the kids restricted to a site but the parents get stuck in an authentication loop or just denied access. Here's my config - can anyone help me figure this out?
>>>
>>
>>
>> Notice that would allow the kids to get a popup and re-try with parents
>> login to restricted sites without the parent being present.
>>
>>
>> What you are asking for is this:
>>
>> # login required to go anywhere at all
>> http_access deny !db-auth
>>
>> # kids to their sites
>> http_access allow !parents kids_sites
>>
>> # parents anywhere
>> http_access allow parents
>>
>> # challenge if not logged in with parents credentials
>> http_access deny !parents
>>
>> # everything else is blocked.
>> http_access deny all
>
>
> Can't we simplify this to:
>
> http_access deny !db-auth
> http_access allow kids_sites
> http_access deny all !parents
>
> Jenny

Yes you could. Thanks.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.11
Received on Fri Sep 09 2011 - 14:31:38 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 09 2011 - 12:00:02 MDT