samba - Aug 2006 - Ntlm_auth possible feature request.

We are looking to use ntlm_auth with the --require-membership-of= option
to restrict user access to the squid proxy.

Although this is a works great, because nearly all our users are given
Internet access, there is extra overhead of adding every user to the
"Allow Internet Group". It would make sense (to me anyway) to have the
inverse of this option, so as default everyone is granted access except
for a --not-member-of="Deny Internet Group". This allows simpler
administration of the user access group, assuming you have less users
being denied Internet access.

Thanks

Dean.

On Thu, 2006-08-03 at 14:31 +0100, Plant, Dean wrote:
> We are looking to use ntlm_auth with the --require-membership-of= option
> to restrict user access to the squid proxy.
> 
> Although this is a works great, because nearly all our users are given
> Internet access, there is extra overhead of adding every user to the
> "Allow Internet Group". It would make sense (to me anyway) to
have the
> inverse of this option, so as default everyone is granted access except
> for a --not-member-of="Deny Internet Group". This allows simpler
> administration of the user access group, assuming you have less users
> being denied Internet access.
I think this is a useful idea.  Can you file a bug, so at least it is
forgotten in two places?

Feel free to try and knock up a patch :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20060805/73d2b0e4/attachment.bin