Alex Rousskov wrote:
> You mean "Proxy-Authorization:", right?
Yes.
> If I understand your proposal correctly, you want external program
> to check for cache manager password(s). That may not be a good idea
> for Squids that do not need authentication other than for cache
> manager. Those Squids would have to run one more external process
> (albeit virtually idle one) just to allow occasional cache manager
> queries...
Yes and yes, but I don't think that one extra process is a problem here.
I regard it as more of a problem to have such a inflexible and separate
access control to cachemgr as the current one is.
What about this comromise:
acl aclname manager <cachemgr_passwd actions, or ANY>
acl aclname password user:password ..., wildcard (*) user allowed if
only the correct password is required.
and that "manager shutdown" and "manager config" needs to be defined to
be allowed at all (like "method PURGE").
/Henrik
Received on Tue Jul 29 2003 - 13:15:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:56 MST