SV: Re: proxy_auth again... :-( from Per.E.Berger@dont-contact.us on 1999-03-04 (squid-users)

From: <Per.E.Berger@dont-contact.us>
Date: Thu, 4 Mar 1999 16:54:32 +0100

OK, thanks! That worked! Well, almost... I get a login screen but even
if I type the right combination it does not let me in... Sigh... I've
used htpasswd from apache 1.3.3 to create the passwd-file...

/Per

On Thu, 4 Mar 1999 14:12:21 +0100 Per.E.Berger@telia.se wrote:

> Hi gang!
>
> I have searched for this one and cannot find it... However I am sure
> the answer is somewhere out there but as my brain is a bit fried at
the
> moment because of too much work I thought I'd ask you all with your
> minds still intact... :-)
>
> I have installed ncsa_auth. I want to use it to force users from a
> specific subnet to provide user/pass but no one else should need to.
>
> How do I write the ACL:s? I have ncsa_auth up and running...

  acl authnet src 192.168.1.0/255.255.255.0
  acl noauthnet src 192.168.0.0/255.255.0.0
  acl passwdauth proxy_auth REQUIRED

  http_access allow authnet passwdauth
  http_access allow noauthnet
  http_access deny all

The first allows access if the client is on 'authnet' and the
'passwdauth' password checking rule is OK.

The second allows access if the client is anywhere on the more general
'noauthnet', without password checking.

(I presume squid denies access if the password bit fails in the first
rule? And won't proceed on to allow it at the second rule? If not, I
guess you have to stick a rule in between 1 and 2 called 'http_access
deny authnet'.)

- Bob

------------------------------------------------------------------------

----
  The Day Today             ... because FACT times IMPORTANCE equals 
NEWS!
------------------------------------------------------------------------
----
  Bob "Mince" Franklin ~{], CNE ;), MCSE ;)           Tel. (0118) 931 
8432
  Systems and Communications                          Fax. (0118) 975 
3094
  IT Services                                   
R.C.Franklin@reading.ac.uk
  University of Reading, U.K.          
http://www.reading.ac.uk/~suq96rcf/
------------------------------------------------------------------------
----
 <<Fil: Re_ proxy_auth again...TXT>>

Received on Thu Mar 04 1999 - 08:59:59 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:08 MST