On 03/13/2013 11:02 PM, Natxo Asenjo wrote: > On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney > <[email protected]> wrote: >> I've just deployed a RHEL 6.4 proxy and the guide is still accurate and >> works.. however I agree a config file would be a better place for the >> options. Both work at the end of the day. > > yes, the guide is accurate, but upgrading to meet a bunch of angry > users is not nice ;-) > >> I'm more curious as to why your squid init script was replaced instead >> of the usual scenario of having the new file saved as .rpmsave. > > beats me. Anyway, config stuff should go in /etc/sysconfig, period ;-) > ; we should not be touching the init scripts. The init scripts source > the files in /etc/sysconfig/* > >>> By the way, I came accross http://squidkerbauth.sourceforge.net/ >>> squid_kerb_ldap to allow/block stuff in the proxy depending on ldap >>> group membership. I have not tested it yet, but will post it if(when) >>> I get it working. >> You can also check out SquidGuard, which is available in EPEL. > > ha, squid_kerb_ldap is not a proxy, it is an authenticator for squid > and what it does is verify the group membership of the users so you > can build ACLs based on that. > > squidguard is nice. I like privoxy too ;-) > >> I've written an article for Active Directory, however it is just as easy >> to use it with IPA. >> https://www.dalemacartney.com/2012/07/06/web-proxy-filtering-with-squidguard-using-active-directory-group-memberships/ > > cool, thanks. >
Hi guys, Dale, do you plan to update the howto on FreeIPA wiki to fix the configuration section? If not, I can try to update it myself. I agree with Natxo that having the configuration in /etc/sysconfig/squid is safer than having it hacked in the init script. Thanks both to sharing this info btw :-) Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
