[squid-users] Passing authentication through squid

From: Joseph S D Yao <[email protected]>
Date: Fri, 4 Jun 2004 01:52:27 -0400

Here's a different question.

We have a firewall to the world, with several thousand accounts on it.
Users have to log in as they start to use it. This is policy, can't do
anything about it.

We want to put squid in front of this to do some filtering and stuff.
So, we make the firewall a "parent" peer cache, and say never_direct,
and put in our nice'n'naughty rules for working hours, and we're pretty
much good to go.

Except for the authentication. And I may have figured that one out.

Squid lets us say login=PASS, and pass the auth info through. But that
means that we have to tell squid to ask for auth info. So I figured
I'd write an ok_auth which always prints out ("OK user=%s", username) -
so squid will always ask for username/password but never really check
them until they're passed on. I'll then add this as an authentication
method:

        auth_param basic program /usr/local/squid/libexec/ok_auth
        auth_param basic children 10
        auth_param basic realm firewall
        auth_param basic credentialsttl 24 hours

        acl OK proxy_auth REQUIRED

        http_access allow OK

I figured this out this evening, but I want to get some sleep before
trying this out - or, rather, my body does, and I reluctantly agree.

Do I need the realm?

Is it this simple?

If it's this simple, why isn't ok_auth included in the distribution?

Thanks!

-- 
Joe Yao				jsdy@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
	    PLEASE ... send or Cc: all "OSIS Systems Support"
		     mail to sys-adm@center.osis.gov
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
Received on Thu Jun 03 2004 - 23:52:34 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT