Re: [squid-users] auth_param username rewrite

From: Scott <[email protected]>
Date: Mon, 17 Jan 2005 10:37:54 +1100

Thanks alot for the feedback about this Henrik...

My other alternative theory would be to create some sort of third party
login to allow users to auth and therefore setting the user to
user@domain before passing to the squid server.. The only problem with
this would be that I have no idea how to get such a page to force proxy
headers to a remote client to be used on the squid server.. If anybody
either understands what I am talking about or has any suggestions on
this matter I would love to hear from you.

Thanks again

Scott

On 15/01/2005, at 11:05 AM, Henrik Nordstrom wrote:

> On Wed, 12 Jan 2005, Scott wrote:
>
>> Currently a user must log in using a username@domain to authenticate.
>> This works fine but as time goes by I end up with a large amount of
>> users wishing that they could drop the domain authentication from the
>> auth request.
>>
>> I would like to do this but I have hit a brick wall in regards to how
>> to handle multiple matching usernames (and passwords unfortunetly)
>> without a domain.
>
> Indeed a problem, and no easy short term solution available today
> other than to use one Squid instance per user population, each with
> their own auth_param settings, and possibly forwarding all requests to
> a common Squid for caching.
>
> The long term solution is to implement something called
> "Authentication Realms", allowing multiple different auth_param
> settings in the same Squid allowing different settings to be used for
> different clients.
>
>> A) allowing %SRC to be passed with <username> <password> to the auth
>> helper
>
> There was a patch for this for Squid-2.4, but not really doing what
> you ask.
> <url:http://devel.squid-cache.org/old_projects.html#authinfo>.
>
> What this patch does not is that it doesn't differentiate between user
> a from IP 1 or user a from IP 2. If only allows the helper to verify
> the IP of the initial login.
>
>> I might be looking at this wrong but all the things that I have
>> looked at so far have said that squid will not pass any args to the
>> auth helper at all.
>
> Squid uniquely identifies users by their login, not including the IP.
> This is required for the max_user_ip acl and a few other constructs.
> We do not intend to change this.
>
> Regards
> Henrik

This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. Please notify the sender
immediately by email if you have received this email by mistake and delete this email
from your system. Please note that any views or opinions presented in this email are solely
 those of the author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for the presence of
viruses. The organisation accepts no liability for any damage caused by any virus
transmitted by this email.
Received on Sun Jan 16 2005 - 16:38:05 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST