[squid-users] benefits of using ext_kerberos_ldap_group_acl instead of ext_ldap_group_acl
Simon Staeheli
sis at open.ch
Wed Jan 21 07:12:38 UTC 2015
> I think that refers to a work in progress. Markus maintains the
> un-bundled version of his helpers a little in advance of what has made
> it into the Squid stable branch. Some of what is available in his
> helper downloads is only in the Squid-3.HEAD alpha development code so
> far.
>
> I am working on obsoleting the need for external group helpers. From
> 3.5 auth helpers can deliver to Squid a set of group= kv-pair in their
> response. Those can be used with the note ACL type to check group
> names without any external_acl_type helper lookup (making group checks
> possible in 'fast' access controls).
>
> Markus joined me in this project and his latest kerberos auth helper
> (in 3.HEAD and his versions - *not* the 3.5 bundled version) produces
> group= kv-pair. Unfortunately they are in the obscure S-*-*-* registry
> ID format MS uses. The external_acl_type helper interface cannot yet
> be passed notes to decipher that to a known group name.
>
> Amos
This sounds like an awesome feature. Have you got an idea when this
functionality will be added to the stable branch? Something like 'this
year', 'next year' or later?
More information about the squid-users
mailing list