[squid-users] kerb auth groups KV note acl config
Mike Surcouf
mikes at surcouf.co.uk
Thu Mar 16 11:43:17 UTC 2017
Ok I see Markus code moved into the main package for 4.
Quick question his code in there seems almost identical to 3.5 (at least on github mirror)
Currently cache is on Centos v6 and I use Eliezer's excellent rpms.
Do you think this will work with squid and squid-helpers 3.5.23?
-----Original Message-----
From: Amos Jeffries [mailto:squid3 at treenet.co.nz]
Sent: 16 March 2017 10:54
To: Mike Surcouf; squid-users at lists.squid-cache.org
Subject: Re: [squid-users] kerb auth groups KV note acl config
On 16/03/2017 11:12 p.m., Mike Surcouf wrote:
> @Amos
>
> Thanks for this
>
> so to recap if I currently have
>
> auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
> auth_param negotiate children 20
> auth_param negotiate keep_alive on
>
> external_acl_type InternetAccessBanking %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -u ldaps://aesdc02.surcouf.local:636 -b cn=SSSUsers,dc=surcouf,dc=local -g InternetAccessBanking
>
> I could replace it by
>
> auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
> auth_param negotiate children 20
> auth_param negotiate keep_alive
>
> acl InternetAccessBanking note group S-1-5-21-123456789-123456789-123456789-1234
>
>
> Note where S-1-5-21-123456789-123456789-123456789-1234 is the SID for the group InternetAccessBanking
>
>
Yes.
Amos
More information about the squid-users
mailing list