[squid-users] Detecting password expiry

From: <[email protected]>
Date: Thu, 23 Dec 2004 17:41:26 +0000

Hello

I am hoping that I can gain some knowledge here...for several weeks, on
and off, I've been playing with squid and all sorts of authenticators but
I am still running into the same wall that I did at the beginning. The big
thing I am being asked for by my boss is the ability to detect an expired
password. As far as I've found from trolling the archives, the only
projects to handle this sort of thing are now old and unmaintained and all
of the authenticators I got working well report only OK or ERR.

Our (planned) environment is this:
Two layers of squids; the first will serve certain websites that we have
deemed general access - for example, our Corporate web site - without
authentication or pass on any other requests to the second which will be
using authentication and Websense Enterprise to filter access.

I had hoped to use our fresh new Windows AD in some way to provide the
authentication since my early NTLM and Samba authenticator experiments
were all too flaky to put into a production system and I'd read many posts
on this list suggesting LDAP authentication against AD. I got this working
nicely using the squid_ldap_auth helper program and a username/group
filter like "(&(CN=%s)(memberOf=CN=InternetUsers))". This is great but the
demand from on high still stands. The helper returns only OK or ERR!

So are there any "live" projects out there that can help? As I mentioned,
I'd like to use the AD as a source to save having to maintain seperate
user lists - and frankly our users have enough problems remembering
passwords as it is - but I need to trap expired passwords and at least
redirect the user to a web page saying "Your password has expired! Go
change it!".

Also has anybody got any experiences of using the MS Services For UNIX
tool and using that as an NIS server? I was going to try it but I'd rather
not put any irreversible changes to the AD schema just yet and all the
test environment hardware is in use at the moment...can it do what I want
it to do? Is it stable?

Environment:
Squid 2.5.STABLE3
RHEL 3.0, kernel: 2.4.21-27, SMP

Here's hoping!

-- 
Ian Large <ian.large@salvesen.com>
IT Department, Christian Salvesen, Lodge Way,
New Duston, Northampton NN5 7SL, United Kingdom
Tel: +44 1604 737100 x760 Fax: +44 1604 737111

--------------------------------------------------------------------------------

For information on Christian Salvesen visit our website at www.salvesen.com.

The information contained in this e-mail is strictly confidential and for the use of the addressee only; it may also be legally privileged and / or price sensitive.  Notice is hereby given that any disclosure, use or copying of the information by anyone other than the intended recipient is prohibited and may be illegal.  If you have received this message in error, please notify the sender immediately by return e-mail.

Christian Salvesen has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses.  However, we cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment.

Christian Salvesen is a trading name of the Christian Salvesen Group.  Christian Salvesen PLC (Company number SC7173) is the ultimate holding company within the Christian Salvesen Group whose registered office is at 16 Charlotte Square, Edinburgh EH2 4DF.
Received on Thu Dec 23 2004 - 10:41:31 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:03 MST