| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
A potential customer of ours want to have two separate groups of web
users, let us call them A and B. He wants group A to have access all of
the time, while group B only should have access inside working hours.
My first idea was that this could be realized with the new
authentication in 3.0 by manually adding a 'no wwwproxy outside
business hours except A'. But would this statement prevent all from
even doing the authentication? (It would if it would override the
'relay' statement).
Can someone in the know about acl's in practice tell me whether it
would work? I have no test possibilities at the moment.
Bj�rn
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1901.1 | A possible cron alternative? | OSL09::BJORNMY | Open but Secure | Tue Apr 01 1997 09:41 | 11 |
An alternative solution that occured to me is to use cron to do it:
Prepare two files wwwday.acl and wwwnight.acl (with corresponding .CHK
files) and run something like:
cp /usr/dfws/config/wwwday.acl /usr/dfws/config/wwwproxy.acl
cp /usr/dfws/config/wwwday.acl.CHK /usr/dfws/config/wwwproxy.acl.CHK
kill -9 `ps aux|fgrep wwwproxy|awk '{print $2}'`
in the morning and something similar at night. Has anybody tried this?
Bj�rn
| |||||
| 1901.2 | CHEFS::16.202.2.132::PITT | Gone with the winsock ... | Thu Apr 03 1997 05:44 | 15 | |
I haven't tried it, but I had had a similar requirement from a customer, and was thinking along the same lines. The other thing you have to address is which file is relevant at startup time. During the startup, you must put the correct file in place, because the machine might have been down at the time the cron job should have change the file. I suspect that a KILL -HUP is sufficient, so that you don't have to restart the proxy ... Let us know when you've done it, and please make the necessary scripts available! Cheers, T | |||||