On Mon, 1 Nov 2004, Glenn Baptista wrote:
I realise that user authentication in squid is done via an external authentication program (e.g. NCSA module) with the appropriate password file. Administratively it is preferable to write Authentication ACLs using Groups rather than User Names. Hence grouping ACLs are defined that enumerate users within a group. Each time a new user is added, besides the passwd file, even the squid.conf file has to be modified to add the user to the required group ACL.
Actually most prefers if the proxy connects to the user directory you have (LDAP / MSAD / Novell NDS / NIS / whatever..)
Instead of each time modifying the squid.conf file, is it possible to utilise another file (e.g. group.conf) where we may define ACLs that assign users to groups, while maintaining the squid.conf file constant, and including the group.conf into squid.conf using some sort of an include statement?
Yes, as is documented in the acl directive
acl aclname type "/path/to/file"
Also is it possible to add the user group(s) directly to the /squid/etc/passwd file that is used by the NCSA module or is there some other authentication module that takes care of user groups?
ncsa_auth only takes care of authenitcation, not authorization.
Regards Henrik
