Proxy authentication with external programs (ALPHA)
---------------------------------------------------
NOTE: this is ALPHA code, it is unfinished and not very well tested.
Patch relative to Squid 1.1.20:
http://www.iae.nl/users/devet/squid/proxy_auth/proxy_auth.new
This is a further generalization of my proxy authentication code for Squid.
The authentication is moved into external 'authenticator' programs which are
allowed to block on e.g. remote lookups. The authenticate.c file is a
reworked version of the redirect.c file.
Uncomment -DUSE_PROXY_AUTH in src/Makefile before compiling. A good setting
for debug_options is "ALL,1 28,9 33,5 44,5"
New squid.conf settings:
acl password proxy_auth [timeout]
authenticator_program /home/squid/bin/authenticate
authenticator_children 5
An authenticator program should behave as such:
Input:
username cleartextpassword
Output:
OK (in case the password was OK)
ERR (in case the password was NOT OK)
Example for testing:
#!/usr/bin/perl
open(L, ">>/tmp/authenticate.log") || die "$!";
select(L); $| = 1;
select(STDOUT); $| = 1;
while (<>) {
print L;
chop;
($user, $passwd) = split;
if ($user eq "devet" && $passwd eq "test234") {
print "OK\n";
} else {
print "ERR\n";
}
}
exit(0);
A correct username/cleartextpassword is cached within Squid until
reconfigure, shutdown (of course :-), a failed proxy-authentication or
the timeout period.
TODO:
- Fix possible bugs.
- Test and clean up the code.
- Make example authenticator programs like ncsa_auth, radius_auth,
ldap_auth, pam_auth, etc.
Arjan
-- Arjan de Vet, Eindhoven, The Netherlands <Arjan.deVet@adv.IAEhv.nl> URL: http://www.IAEhv.nl/users/devet/ for PGP key: finger [email protected]Received on Sun Feb 08 1998 - 15:23:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:49 MST