On 03/13/2013 11:02 PM, Natxo Asenjo wrote:
> On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney
> <d...@themacartneyclan.com> wrote:
>> I've just deployed a RHEL 6.4 proxy and the guide is still accurate and
>> works.. however I agree a config file would be a better place for the
>> options. Both work at the end of the day.
> 
> yes, the guide is accurate, but upgrading to meet a bunch of angry
> users is not nice ;-)
> 
>> I'm more curious as to why your squid init script was replaced instead
>> of the usual scenario of having the new file saved as .rpmsave.
> 
> beats me. Anyway, config stuff should go in /etc/sysconfig, period ;-)
> ; we should not be touching the init scripts. The init scripts source
> the files in /etc/sysconfig/*
> 
>>> By the way, I came accross http://squidkerbauth.sourceforge.net/
>>> squid_kerb_ldap to allow/block stuff in the proxy depending on ldap
>>> group membership. I have not tested it yet, but will post it if(when)
>>> I get it working.
>> You can also check out SquidGuard, which is available in EPEL.
> 
> ha, squid_kerb_ldap is not a proxy, it is an authenticator for squid
> and what it does is verify the group membership of the users so you
> can build ACLs based on that.
> 
> squidguard is nice. I like privoxy too ;-)
> 
>> I've written an article for Active Directory, however it is just as easy
>> to use it with IPA.
>> https://www.dalemacartney.com/2012/07/06/web-proxy-filtering-with-squidguard-using-active-directory-group-memberships/
> 
> cool, thanks.
> 

Hi guys,

Dale, do you plan to update the howto on FreeIPA wiki to fix the configuration
section? If not, I can try to update it myself. I agree with Natxo that having
the configuration in /etc/sysconfig/squid is safer than having it hacked in the
init script.

Thanks both to sharing this info btw :-)

Martin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to