[squid-users] ext_kerberos_ldap_group_acl - how to ?

From: Kris Glynn <kris.glynn_at_virginaustralia.com>
Date: Fri, 8 Feb 2013 03:28:49 +0000

Hi,

I cannot for the life of me work out how to use ext_kerberos_ldap_group_acl with squid 3.2.6.

I have authentication with negotiate_kerberos_auth working fine, but I also want an authorisation helper for group membership.

Relevant squid.conf config below..

# Kerberos Auth
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
auth_param negotiate children 40
auth_param negotiate keep_alive on

# Group ACL Helper
external_acl_type ldap_group ttl=60 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -d -g ALL@ -D my.internal

What is the ALL@ for? Does someone have a working config against Windows 2008 AD/LDAP?

To be honest, at the moment I am using this external helper ext_wbinfo_group_acl which is working fine..

external_acl_type ldap_group ttl=300 children-max=50 children-startup=40 %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl -K

.. but is ext_kerberos_ldap_group_acl better or should I leave authorisation up to ext_wbinfo_group_acl since I have it working?

Is either better than the other?

Thanks
Kris

Received on Fri Feb 08 2013 - 03:28:57 MST