Re: External Auth

From: Henrik Nordstrom <[email protected]>
Date: Thu, 19 Nov 1998 00:34:43 +0100

David Richards wrote:

> The URL is for a QUT specific. We have a messaging client here
> at QUT the runs on PC's. We use this to tell users why they have failed
> authentication. The message is usually something like so:
>
> 1) While trying to access "URL", your account went over quota.
>
> 2) Your username / password is incorrect.
>
> 3) The Authentication Server is currently unavailable.

Why bother the authenticator with this?

A better approach is to
1. Include it in the "access denied" message sent to the browser.
2. Install a error trap handler in Squid to take special actions on
errors, like sending a network message to the user.

> However, I would like to see the complete icpState being passed.

I still don't think this makes sense. The authenticator program performs
a isolated task (validating that the users authentication is valid) and
it should not be bothered with information not relevant to this task.
Having more information only complicates matters, and may fool people
into thinking that the authenticator may be used for things not really
possible at this place in Squid (like checking access based on the URL).

There is no such thing as a "icpState" in Squid 2. State information is
kept at several layers/subsystem (client connection, request being
processed, user authentication, access control, ...) where each is
partially independent of the other (and some are not very independent at
all).

---
Henrik Nordstrom
Spare time Squid hacker
Received on Wed Nov 18 1998 - 16:41:39 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:09 MST