Michael_Grasso_at_cadc.uscourts.gov wrote:
> I setup two reverse proxy sites with LDAP authentication. Authentication
> works fine when I access
> either site. The problem I'm having is after I authenticate to either site,
> I try and access a url on the other site and I'm prompted to authenticate
> again. How can I tell squid to check the authenticated user and stop
> prompting me
> for another login?
I guess that depends on your auth_param settings or LDAP configuration,
which you omitted.
It's not part of the domain routing config you show below.
>
> Below is my squid.conf setup of both sites. Thanks....
>
> acl ldap-auth proxy auth REQUIRED
> http_access allow ldap-auth
>
> http_port x.x.x.x:80 accel defaultsite=intranet.cadc.circdc.dcn
> cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet1
> round-robin
> cache_peer x.x.x.x parent 80 0 no-query originserver name=intranet2
> round-robin
> acl sites_intranet dstdomain intranet.cadc.circdc.dcn
> http_access allow sites=intranet
> cache_peer_access intranet1 allow sites_intranet
> cache_peer_access intranet2 allow sites_intranet
>
> http_port x.x.x.x:80 accel defaultsite=www.cadc.circdc.dcn
> cach_peer x.x.x.x parent 80 0 no-query originserver name=iis
> acl sites=iis dstdomain www.cadc.circdc.dcn
> http_access allow sites=iis
> cache_peer_access iis allow sites=iis
>
> http_access deny all
>
Just a note, personally I'd add the ldap-auth ACL to the end of each of
the "http_access allow sitesX" lines instead of globally at the top.
That would prevent wasting auth resources on people requesting
unacceptable domains.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15Received on Sat Jan 09 2010 - 12:14:07 MST
This archive was generated by hypermail 2.2.0 : Sat Jan 09 2010 - 12:00:03 MST