Re: [SQU] proxy_auth

From: Devin Teske <devinteske@dont-contact.us>
Date: Mon, 25 Dec 2000 01:41:59 -0800

>Hi,
> Have you use the httpasswd (I can't rememebr it is the right
>spelling, it is use in the apache to create the password database)? As
>NCSA can only use the passwd database generate by it. Check on the
>apache site on how to create this password.

Yeah, I've got that done. I've completed what I set out to do, which was
just require that a password be used to get online. Just allow anyone with a
valid password online, otherwise deny access.

My next step was to make special *limited accounts*. There will be three
categories of users. Administrators, Teachers, and Students. Administrators
can go everywhere. Teachers can go anywhere except admin config pages.
Students can only go to a one or two places.

I know I can set it up statically through the squid.conf file. For example

acl admins proxy_auth /usr/etc/auth/admin
acl teachers proxy_auth /usr/etc/auth/teachr
acl students proxy_auth /usr/etc/auth/studnt
acl root proxy_auth /usr/etc/auth/passwd
acl temp proxy_auth /usr/etc/auth/tempasswd

acl admnconf url_regex http\:\/\/4\.40\.170\.86\/admin.*
acl studentpages url_regex http\:\/\/www\.balthasar\.com.*
http\:\/\/www\.eye4u\.com.*

http_access allow admins
http_access allow teachers !admnconf
http_access allow students studentpages
http_access allow root
http_access allow temp
http_access deny all !admins !teachers !students !root !temp
http_access allow all

That's it. Althoug ideally, I would want to have each student have different
sites that they can go to. (I would also like to store the sites that the
students are allowed to go to externally, so that it can be modified easily
by the teachers). I think that this will work, but it is not very dynamic.

Any comments? suggestions?
Any feedback is appreciated,
Devin Teske

>****** Original Message ******
> >hello, again.
> >
> >I am having a little trouble with authentication. I just want to set it
>up
> >so that my clients have to enter a password to go online. Here's what
>I've
> >done so far.
> >
> >Installed /usr/bin/ncsa_auth
> >put "authenticate_program /usr/bin/ncsa_auth /usr/etc/passwd" into
> > configuration file
> >put "acl password proxy_auth REQUIRED" into my config file
> >put "http_access allow password" followed by "http_access deny all" into
>my
> > config file
> >
> >Is there anything else I am supposed to do? After this is done, I thought
>I
> >should be able to enter one of computers users as the log and pass to get
> >online, right? It doesn't seem to work. Can anyone help?
> >
> >Thanks,
> >Devin Teske
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Mon Dec 25 2000 - 02:44:39 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:06 MST