RE: Lock down WWW Access

Does anyone know if I can use pass thru authentication with squid? I'm
running AD on the windows side of the house, and would like it so that
my users wouldn't have to manually enter their AD credentials when
browsing the web. Thanks for your help.

Aaron

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Paul Dwerryhouse
Sent: Sunday, February 26, 2006 7:54 PM
To: redhat-list@xxxxxxxxxx
Subject: Re: Lock down WWW Access

On Fri, Feb 24, 2006 at 04:52:00PM -0800, Job Cacka wrote:
2. Have the option to allow or deny WWW access per login. Without
restricing local browser functionality.

Force your users to use a squid proxy server that requires
authentication the first time that they access websites outside your
local network. Then, there's a number of ways you could deny access to
specific users.

Given that I tend to use LDAP for authentication, I'd probably use an
LDAP-filter based method to allow users in. Alternatively, a quick look
at squid's config file suggests that acls can be used to allow or deny
users based on login name.

Cheers,

Paul


--
Paul Dwerryhouse | PGP Key ID: 0x6B91B584
========================================================================
Building Java RPMS for Redhat Enterprise Linux:
http://nepotismia.com/redhat/java/

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates

Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Relevant Pages

  • RE: Webrouting to a SQUID-proxy
    ... You can route to a Squid server, but if it requires authentication you ... How can I route all traffic for the above destination set ...
    (microsoft.public.isaserver)
  • RE: Lock down WWW Access
    ... I think you should use squid together with Samba, ... Samba authentication helper with user authentication questions and that ... The information contained in this electronic message is intended for ...
    (RedHat)
  • Re: Question about dmz security
    ... > After removing access to the internal lan of course, ... I run squid, and I like it for what it does: ... That's if the admin sets up authentication, ...
    (Security-Basics)
  • configuring Squid as a Transparent proxy in BSD with ipfw
    ... Does anyone knows how can i configure Squid as a Transparent proxy ... using IPFW assuming that i have already configured Squid with Samba ... authentication and get the internet connection ...
    (freebsd-questions)
  • Problems with squid, ntlm auth and a win2k PDC
    ... I need to setup a squid 2.5 with ntlm auth so windows XP users already ... i tried run all authentication helpers from the command line, ...
    (comp.os.linux.networking)