Re: [squid-users] Delay pool question

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 18 Dec 2010 02:25:29 +1300

On 17/12/10 23:23, Nick Cairncross wrote:
> Hi List,
>
> A quick Delay Pool question..and a favour..
>
> Currently using basic Delay Pool configuration for users:
>
> delay_class 1 4
> delay_parameters 1 -1/-1 -1/-1 -1/-1 2000000/2000000

Careful with those big numbers. They are in *bytes* and only the recent
versions of Squid can cope with >32-bit values.

> delay_access 1 allow !SERVERSUBNETS AuthenticatedUsers
> delay_access 1 deny all
>
> Users authenticate via Kerberos, NTLM and then Basic (in that order)
>
> My question is; by using AuthenticatedUsers does that require another authentication or is the original one re-used from my acl (acl AuthenticatedUsers proxy_auth REQUIRED) and http_access rule (http_access allow AuthenticatedUsers).

auth happens only once per request. As long as its checked in
http_access delay pools can use the results. delay pools is a "fast"
category test so does not challenge for credentials on its own, and will
not match if they are unknown or missing at the time of pool assignment.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Fri Dec 17 2010 - 13:25:38 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 21 2010 - 12:00:03 MST