Hi.
I'm using squidGuard for content filtering and it's great (fast and reliable).
Till now I've been using Squid and squidGuard block/don't block based on IP adresses. But now, because some "new" policies, I must do the control based on username and groups of my LDAP server.
Ok. I did it fine with pam_auth, pam_auth and ldap_groups, but I'm having trouble to integrate all this with squidGuard (all blocking mechanism). And, moslty, my problems were originated because the way the "new" poilicies must be implemented. See bellow:
1. the user enter a URL in his browser;
2. if the URL is authorized, the navigation goes on, no blocking;
3. if the URL is not authorized (porn, gambling, ...), there must be authentication (via pam_auth + pam_ldap);
4. then after user authenticates, it's verified against LDAP groups to see if he belongs to NOBLOCK group;
5. if yes (the user belongs to NOBLOCK group), the navigation goes on, no blocking, but logged;
6. if no (the user doens't belong to NOBLOCK group), the navigation is denied.
So, I know that it's a bit complex (and the e-mail a bit longer), my question is: how can I implement this using squidGuard?
Maybe the developers or some user from the list could have a thought or two on this issue.
Thanks in advance.
MaurícioWP.
MaurícioWP.
............................................................
Maurício Westendorff Pegoraro
Analista de Sistemas - Segurança
ADP Brasil
Suporte ADP RBS
51 3218-6227
mauricio.pegoraro@adprs.com.br
............................................................
Received on Wed Oct 22 2003 - 12:15:19 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:36 MST