Re: Authorization by acl

From: Chris Hughes <[email protected]>
Date: Thu, 15 Jul 1999 15:20:47 +0100 (BST)

On Thu, 15 Jul 1999, Wade Komisar wrote:

> Thank you for the patch, and once again raising the question of
> authorization in squid.
>
> I have a similar need for greater granularity in authorization.
> However, I'm using the NCSA authentication method and not LDAP.
> Granted, that I will need to customize the NCSA routine to recognize my
> authorization criteria, is your patch generalized enough for me to use,
> or is it LDAP specific?

 I really just knocked up the patch because I wanted to prove to someone
that it was possible to do this with squid, and I'd like to suggest at
least an evaluation of a squid deployment versus our current Netscape
Proxy infrastructure (which I truly detest).

 It's _totally_ untested, and I wouldn't recommend using it. I just
really wanted to provoke some discussion again ;) Basically, it just
passes the acl name to the external authenticator as:
<acl> <user> <password>
instead of the normal
<user> <password>
so that the external authenticator can use that to determine if the user
is authorized to get the resource. But it kinda subverts squid's
authentication method to do authorisation, and there's a couple of kludges
in there to retrieve the acl name.

 On the other hand... it's not LDAP specific.

Chris

-- 
Chris Hughes
Received on Thu Jul 15 1999 - 08:18:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:25 MST