[squid-users] exterlan_acl Can't use proxy auth because no authentication schemes are fully configured.

[Amos Jeffries]

On 25/10/18 1:24 AM, mzgmedia wrote:
> hi
> 
> is possible to use external_acl also to login the users without an auth
> script?
> 

No. The closest external ACL alone can do is supply a user=X label (not
username) for logging and other purposes.

That is just a label though, based purely on guesswork by the ACL helper
using the parameters you configure Squid to pass it. So do not place as
much trust in it as you would a login or your users will start
complaining about other people using their access/accounts.


> having an auth script plus an external_acl in the same time, it will make
> the first requests very slow and our users will complain
> 

Er, helpers and "slow" ACLs are typically only slow in terms of nano or
micro seconds. Which are not humanly detectable.

The biggest delay when it comes to first-request and login is all the
time spent waiting for the users Browser to supply the credentials. A
user may spend whole seconds reading the login box title and typing
their password - either way they are too occupied to pay attention to
the timing.

There would have to be a huge amount of load or something very
inefficient about your system for users to even notice 1 vs 2 helper
checks on automated logins HTTP(S) performs once the UA / Browser has
access to the users credentials.

Amos