Re: [squid-users] Re: Authentication problem

From: Amos Jeffries <>
Date: Fri, 23 Nov 2012 23:05:47 +1300

On 23/11/2012 7:09 a.m., Warren Baker wrote:
> On Thu, Nov 22, 2012 at 3:57 PM, Warren Baker <> wrote:
>> I have squid-3.2.3 configured to make use of negotiate, and to
>> authenticate certain users. However the following config doesn't work
>> acl userA proxy_auth warren
>> acl userB proxy_auth testb
>> http_access allow userA
>> http_access allow userB
>> http_access deny all
>> userA successfully authenticates and can browse. userB however
>> obviously doesn't match userA acl and just gets presented with the
>> cache denied page.
>> Debugging the acl shows that it never moves passed the userA acl and
>> doesn't continue onto authenticating the 'testb' user.
> I am guessing it is because testb user's browser fails with the
> challenge on userA http_access test and thus it gets failed
> completely. Is there a way around this?

You are guessing right. As it documented in the wiki ... (seems to be
down right now).

The way around it is to combine userA and userB into one ACL, or to
check auth and use the "all"-hack to prevent auth challenges on username

  acl users proxy_auth userA userB
  http_access allow users
  http_access deny all

  acl login proxy_auth REQUIRED
  acl userA proxy_auth userA
  acl userB proxy_auth userB

  http_access deny !login
  http_access allow userA all
  http_access allow userB all
  http_access deny all

Received on Fri Nov 23 2012 - 10:06:07 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 23 2012 - 12:00:05 MST