Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 808

and the last
http_access deny all
redirect_program /usr/bin/squidGuard
With this option, specify a redirector such as squidGuard, which allows blocking
unwanted URLs. Internet access can be individually controlled for various user
groups with the help of proxy authentication and the appropriate ACLs. squidGuard
is a separate package that can be installed and configured.
auth_param basic program /usr/sbin/pam_auth
If users must be authenticated on the proxy, set a corresponding program, such as
pam_auth. When accessing pam_auth for the first time, the user sees a login window
in which to enter the username and password. In addition, an ACL is still required,
so only clients with a valid login can use the Internet:
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
The REQUIRED after proxy_auth can be replaced with a list of permitted usernames
or with the path to such a list.
ident_lookup_access allow <acl_name>
With this, have an ident request run for all ACL-defined clients to find each user's
identity. If you apply all to the <acl_name>, this is valid for all clients. Also, an
ident daemon must be running on all clients. For Linux, install the pidentd package
for this purpose. For Microsoft Windows, free software is available for download
from the Internet. To ensure that only clients with a successful ident lookup are
permitted, define a corresponding ACL here:
acl identhosts ident REQUIRED
http_access allow identhosts
http_access deny all
Here, too, replace REQUIRED with a list of permitted usernames. Using ident can
slow down the access time quite a bit, because ident lookups are repeated for each
request.
790 Installation and Administration