[squid-users] kerb auth groups KV note acl config
Amos Jeffries
squid3 at treenet.co.nz
Thu Mar 16 10:53:53 UTC 2017
On 16/03/2017 11:12 p.m., Mike Surcouf wrote:
> @Amos
>
> Thanks for this
>
> so to recap if I currently have
>
> auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
> auth_param negotiate children 20
> auth_param negotiate keep_alive on
>
> external_acl_type InternetAccessBanking %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -u ldaps://aesdc02.surcouf.local:636 -b cn=SSSUsers,dc=surcouf,dc=local -g InternetAccessBanking
>
> I could replace it by
>
> auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
> auth_param negotiate children 20
> auth_param negotiate keep_alive
>
> acl InternetAccessBanking note group S-1-5-21-123456789-123456789-123456789-1234
>
>
> Note where S-1-5-21-123456789-123456789-123456789-1234 is the SID for the group InternetAccessBanking
>
>
Yes.
Amos
More information about the squid-users
mailing list