Re: [squid-users] authenticate_ttl not working from Henrik Nordstrom on 2002-12-09 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 Dec 2002 03:06:32 +0100

There is a few examples in the documentation to the various
external_acl helpers.

Please note that the updated LDAP group helper also includes some
additional documentation which will be included in 2.5.STABLE2.

Regards
Henrik

On Tuesday 10 December 2002 02.52, Lee, Jason wrote:
> Thank you. Are you able to give me some examples of the
> external_acl_type directive, command line options and acl
> directive.
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, 10 December 2002 11:27 AM
> To: Lee, Jason
> Cc: Squid Users
> Subject: Re: [squid-users] authenticate_ttl not working
>
> On Tuesday 10 December 2002 02.01, Lee, Jason wrote:
> > I am unsure how the external_acl_type fits in with the current
> > auth_param. How/Where do you actually specify a group to check if
> > you are a member. How do you get a custom error message back to
> > the browser.
>
> Both proxy_auth and external_acl_type using %LOGIN in the format
> specification is users of the authentication schemes configured by
> auth_param.
>
> proxy_auth matches individual user names.
>
> external_acl_type sends the configured data (username + group for
> group helpers) external helper which is responsible for verifying
> if the data is true or false.
>
> In both cases the user will be asked to authenticate himself if not
> yet authenticated.
>
>
> The group to check membership can either be specifiec in the
> external_acl_type directive as command line options to the selected
> helper, or more preferred via the acl diretive conneting to the
> external_acl_type. By using the acl directive for specifying the
> group(s) you can reuse the same external_acl_type definition for
> multiple different groups, hence the name "external_acl_type"
> (defines a new type of acl, using a helper to verify it it is a
> match or not).
>
>
> Returing custom error messages is done by the deny_info directive.
> Works identical for all the acl types except for a small difference
> on proxy_auth type acls where the user will be asked to
> reauthenticate if denied by a proxy_auth type acl and the custom
> message is only visible if the login request is cancelled (does not
> external acls at this time. there the user will simply be denied
> access).
>
> Regards
> Henrik
Received on Mon Dec 09 2002 - 19:08:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:58 MST