Re: [SQU] Has anyone managed to have 2 password files in use

From: Robert Collins <robert.collins@dont-contact.us>
Date: Wed, 24 Jan 2001 09:09:40 +1100

You don't need two password lists, all you need to do is make a new proxy auth acl, and combine that with the access rules:

ie squid.passwd has all the users for staff and students.

then
acl students proxy_auth <list of student usernames, or a file reference for a list of student usernames>
acl staff proxy_auth <as above for staff>

http_access deny deniedsites
http_access deny advertimages
http_access deny porn
http_access deny !students !staff
http_access deny students !okTime
http_access allow allowedsites
http_access allow noporn

and if you want staff only sites insert
http_access allow staff staffonly before the allow allowedsites line.

This config will
force all users to authenticate
deny access to denied sites for all users,
only allow students during okTime

Rob

----- Original Message -----
From: "Mark Worsdall" <squid@wizdom.org.uk>
To: <squid-users@ircache.net>
Sent: Wednesday, January 24, 2001 8:21 AM
Subject: [SQU] Has anyone managed to have 2 password files in use

> Hi,
>
> I want to have 2 password files being used by the authenticate_program,
> 1 (passwd.staff) is will be authenticated before any time checking (i.e.
> these users may access the net anytime so long as they authenticate
> themselves), the 2nd file passwd.students will be used as we use it now
> (access to the net between 8am 6:30pm if authenticated correctly).
>
>
> This is the current setup:-
>
> # TAG: authenticate_program
> # Specify the command for the external authenticator. Such a
> # program reads a line containing "username password" and replies
> # "OK" or "ERR" in an endless loop. If you use an authenticator,
> # make sure you have 1 acl of type proxy_auth. By default, the
> # authenticator_program is not used.
>
> authenticate_program /usr/local/sbin/ncsa_auth /usr/local/etc/squid/squi
> d.passwd
>
> acl advertimages url_regex "/usr/local/etc/squid/adverts.txt"
> acl deniedsites url_regex "/usr/local/etc/squid/squid-deny.txt"
> acl allowedsites url_regex "/usr/local/etc/squid/squid-allow.txt"
> acl porn url_regex "/usr/local/etc/squid/porn.block.txt"
> acl noporn url_regex "/usr/local/etc/squid/porn.unblock.txt"
> acl okTime time MTWHF 09:00-18:30
> acl okTime2 time MTWHF 00:00-8:30
> acl password proxy_auth 300
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #acl aclname src
> http_access allow allowedsites
> http_access deny deniedsites
> http_access deny advertimages
> http_access allow noporn
> http_access deny porn
> http_access allow password
> http_access allow okTime all
> http_access allow okTime2 all
>
>
> So the new setup would be:-
>
> (sorry I'm lost)
>
> M.
> --
> He came from Econet - Oh no, I've run out of underpants :(
> Home:- jaydee@wizdom.org.uk http://www.wizdom.org.uk
> Shadow:- webmaster@shadow.org.uk http://www.shadow.org.uk
> Work:- netman@hinwick.demon.co.uk http://www.hinwick.demon.co.uk
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Jan 23 2001 - 15:12:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:32 MST