Re: [squid-users] Proxy Authentication optional
On Saturday 24 July 2021 at 09:23:52, Dieter Bloms wrote: > Hello, > > I want to implement user authentication (kerberos) on an already existing > proxysystem without user authenticaion. But I know that there are clients, > which can't do any authentication. Can you identify these clients in some way, such as IP address, so that they can pass an ACL before authentication is requested? > So is it possible to configure squid, that it ask for proxy > authentication credentials, but if the client can't authenticate skip > this acl and go on with the next acls ? Sounds like a recipe for people bypassing authentication by simply refusing to authenticate, and getting allowed through. What is your purpose in implementing authentication, if you also want some clients to get access without authenticating? What advantage does authenticating give the ones who do? Antony. -- "Linux is going to be part of the future. It's going to be like Unix was." - Peter Moore, Asia-Pacific general manager, Microsoft Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Proxy Authentication optional
Hello, I want to implement user authentication (kerberos) on an already existing proxysystem without user authenticaion. But I know that there are clients, which can't do any authentication. So is it possible to configure squid, that it ask for proxy authentication credentials, but if the client can't authenticate skip this acl and go on with the next acls ? I tried something like this, but without success: --snip-- # kerberos authentication auth_param negotiate program /usr/sbin/negotiate_kerberos_auth -s HTTP/www-proxy.mydomain -k /etc/squid/HTTP.keytab auth_param negotiate children 10 auth_param negotiate keep_alive on acl kerberosauth proxy_auth REQUIRED acl noauth_port localport 8880 acl give_access any-of kerberosauth noauth_port http_access allow give_access --snip-- -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users