Re: [squid-users] Locking down WWW internet access

From: <mlist@dont-contact.us>
Date: Tue, 5 Apr 2005 16:32:03 -0700 (PDT)

Christoph,

Thanks for the advice, it works well. One issue that I am concerned with
is when a user authenticates to the Proxy server from Konqueror, they have
the option to keep password.
Is there a way I can timeout or disable the ability to "Keep Password"?
I tried using a 1 hour TTL. I do not want the authorized users to
accidentally open up access for users who should not have internet access.
Each user should use their own accounts with konqueror profiles. However
we have lazy end users who forget to log out when they are finished.
Jason

> On Mon, Apr 04, 2005 at 11:12:35AM -0700, mlist@fitnessworld.ca wrote:
>> We have 12 locations in our Intranet with all internet blocked except
>> for a few selected websites. Some users need full access to the
>> Internet. They use thin clients to a Debian server and are
>> configured to access select sites through our Squid Proxy. Since we
>> use one server per location, I cannot configure specific IP addresses
>> from each client. The Proxy sees only the server IP. I think using
>> User:Password
>> Authentication would be the plausible solution. I need to know if it
>> is possible to use User:Password authentication only when needed.
>> Following the rules of the ACL; I need it only to prompt for username
>> and password when the conditions are not met. I do not want it to
>> prompt for user/password every time someone uses their web browser.
>> I understand that you must add the following to the squid.conf file.
>> authenticate_program /usr/local/squid/bin/ncsa_auth
>> /usr/local/squid/etc/passwd
>>
>> Can it be placed as a ACL condition when my existing conditions are
>> not met?
>
> ACLs work like firewall rules. They are evaluated one by the other
> until one matches. That one is run and the rest ignored. So an example
> would be:
>
> acl allowed_ips src 10.0.0.4 10.1.0.0/16 10.0.5.154
> acl authentication proxy_auth REQUIRED
> http_access allow allowed_ips
> http_access allow authentication
> http_access deny all
>
> Christoph
> --
> ~
> ~
> ".signature" [Modified] 3 lines --100%-- 3,41
> All
Received on Tue Apr 05 2005 - 17:32:04 MDT
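
Added example, not part of the original messages and not Squid's own code: a simplified Python model of the first-match `http_access` evaluation described in the quoted reply, run over the five rules quoted there. The `decide` and `parse` helpers, the built-in `all` ACL, and treating `user` as an already-validated login are assumptions of this sketch.

```python
import ipaddress

# Rules quoted in the thread, embedded verbatim.
SQUID_CONF = """\
acl allowed_ips src 10.0.0.4 10.1.0.0/16 10.0.5.154
acl authentication proxy_auth REQUIRED
http_access allow allowed_ips
http_access allow authentication
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from the acl / http_access lines."""
    # Assumption: 'all' is predefined (older configs declare it explicitly).
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip, user=None):
    """First-match evaluation: returns 'allow', 'deny' or '407' (challenge)."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        matched = True
        for name in names:              # ACLs on one line are ANDed
            kind, args = acls[name]
            if kind == "src":
                ok = any(ip in ipaddress.ip_network(a) for a in args)
            elif kind == "proxy_auth":
                if user is None:        # no validated login: challenge the browser
                    return "407"
                ok = args == ["REQUIRED"] or user in args
            else:
                raise ValueError("unsupported acl type: " + kind)
            if not ok:
                matched = False
                break
        if matched:
            return action               # first matching line wins, rest ignored
    # No line matched: the default is the opposite of the last line.
    last = rules[-1][0] if rules else "allow"
    return "deny" if last == "allow" else "allow"
```

Because the first matching line wins, an address listed in `allowed_ips` is allowed before the `proxy_auth` line is ever reached, so it is never asked for a password.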
