[squid-users] Squid authentication objects by source ip
hans.peter.wurst2000
hans.peter.wurst2000 at protonmail.com
Wed Apr 12 11:14:35 UTC 2023
Hello,
I currently have a problem setting up Squid authentication with Kerberos. The problem is not the authentication itself. It works fine, but only for one AD domain. I have 6 AD domains that have to authenticate through this Squid proxy. In the documentation "https://wiki.squid-cache.org/Features/Authentication" I have seen that my problem could be solved by using full plain authentication with LDAP. And that is the current way I will solve this. But for future Squid releases, would it be possible to change the proxy authentication function to filter authentication methods by source IP?
Example:
auth_param 1 negotiate program /usr/sbin/squid_kerb_auth -k /etc/squid/HTTP_Domain1.keytab
auth_param 1 negotiate children 10
auth_param 1 negotiate keep_alive on
auth_param 2 negotiate program /usr/sbin/squid_kerb_auth -k /etc/squid/HTTP_Domain2.keytab
auth_param 2 negotiate children 10
auth_param 2 negotiate keep_alive on
acl dom1-auth src 10.15.0.0/255.255.255.0 proxy_auth 1 REQUIRED
acl dom2-auth src 10.16.0.0/255.255.255.0 proxy_auth 2 REQUIRED
http_access allow dom1-auth
http_access allow dom2-auth
http_access deny all
I have shown an example here by separating the authenticators by numbers, but it could also be an ASCII word.
Filtering by LDAP groups should also be possible, like before.
Thank you for your help,
Hans-Peter