-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/14/2013 08:07 AM, Martin Kosek wrote: > On 03/13/2013 11:02 PM, Natxo Asenjo wrote: >> On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney >> <[email protected]> wrote: >>> I've just deployed a RHEL 6.4 proxy and the guide is still accurate and >>> works.. however I agree a config file would be a better place for the >>> options. Both work at the end of the day. >> >> yes, the guide is accurate, but upgrading to meet a bunch of angry >> users is not nice ;-) >> >>> I'm more curious as to why your squid init script was replaced instead >>> of the usual scenario of having the new file saved as .rpmsave. >> >> beats me. Anyway, config stuff should go in /etc/sysconfig, period ;-) >> ; we should not be touching the init scripts. The init scripts source >> the files in /etc/sysconfig/* >> >>>> By the way, I came accross http://squidkerbauth.sourceforge.net/ >>>> squid_kerb_ldap to allow/block stuff in the proxy depending on ldap >>>> group membership. I have not tested it yet, but will post it if(when) >>>> I get it working. >>> You can also check out SquidGuard, which is available in EPEL. >> >> ha, squid_kerb_ldap is not a proxy, it is an authenticator for squid >> and what it does is verify the group membership of the users so you >> can build ACLs based on that. >> >> squidguard is nice. I like privoxy too ;-) >> >>> I've written an article for Active Directory, however it is just as easy >>> to use it with IPA. >>> https://www.dalemacartney.com/2012/07/06/web-proxy-filtering-with-squidguard-using-active-directory-group-memberships/ >> >> cool, thanks. >> > > Hi guys, > > Dale, do you plan to update the howto on FreeIPA wiki to fix the configuration > section? If not, I can try to update it myself. I agree with Natxo that having > the configuration in /etc/sysconfig/squid is safer than having it hacked in the > init script. > > Thanks both to sharing this info btw :-) > > Martin Yes mate, I've literally just walked into the office and connected to vpn. Will be updating momentarily. Dale > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRQYYOAAoJEAJsWS61tB+qsxQQAIYH66+JbEfCYzz8IwFmRsMF S1sypbom5pyVcUlw9Bcd846dLoKF5iD+FxPOHG+kQY5qyz2I7lx6MW47jE0Giimc w3T5ZdkqC85KLIrr+zLievy922j+MFaMQKMMbURS0DTcl4KI7vLpRy6hnCelXPb3 KMoEDsSxtN0K3nxs9nokKWIjCOrMUBCH9AtZb94nVbwPeyzo58v9cN7kqSIVVXQO aQCz8fipM9dgoCPMpxT53nWd5+CTMURuhdf1MVHCcvRyUNFyFWTPo97lZ5Gzyqjd svT0ho4q2jn9+hxawyfkI0tNY57DXKGF+5iti2X1EQmC43V1Grg+WbSiZIxPDOZg hzX6Eh7STLRmj6IHdoiX0kqAirYFp54Uma4uZdWQYRKr0PY+gOXDDjaSdqmqvEZK qvJRxQiP8ouT5QgwS2lp9KiEfjk5p/X1QvXKNWFKVB6B31rxYNBcpcYTLvjSUl9l 74Q5kTlr37xnmwNGVGQETLZXu3rHa9UfZrwdcEVGWu2exUxeKJI05iMqhqj8WO5X R/bWkQxmDIgA9M26o1bBJP1gVWUW6/bNpGlhpgIwTx2A2UTfzNmhqeEyVjPnT/B1 a4smehAJRLDvxQXBH9e5+pI9GK5esp3rYcrm6sYJNDhrdZ0D2MuF5gmaotEMZqCH B47sN4nub3xYZTWc4fYG =5Wzd -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
