I've gone back to auth_rewrite now the 1st rewrite is working happily, and
found that the code was clear enough to pick up a goal I had discarded as
too much effort too little reward. Well it was a lot easier than expected -
I have modularised the authentication much like the fs/ and repl/ modules.
It's not 100% clean as some global types need changing to add new
authentication modules, (I avoided too much pointer chasing in my first
rewrite- that may have been a mistake :-])
Also theres some stuff in the squid.cache that is auth scheme specific that
should in theory be dynamic
ie
authenticate_program ntlm path params
instead of
authenticate_program_ntlm path params.
But still the main benefit - adding new authentication schemes in a 'turn on
or off easily' without changing acl.c or authenticate.c has been realised.
With one _little catch_. There are no hooks for authentication schemes that
require extra header or trailers in the response (ie Digest Authentication).
You could do different one-off schemes like basic or two-way like NTLM. (In
fact you can do a request based two-way if you had one defined. But you
can't add extra information to each and every response.
So.... now being out of my depth I thought a please for help would be in
order...
I'm looking at where in the client_side stuff the hooks for digest
authentication should go.
[Info]->Digest can send a header [Proxy]_Authentication_Info to the client
with the response. It can go as a header or as a Trailer (with chunked
encoding).
[Idea]->I am thinking of placing hooks to the authentication code in
ClientProcessRequest ( to allow header insertion) and perhaps
ClientProcessBody (to allow trailer insertion).
Comments?
The reason I am not inserting the authentication_info headers in the acl
check is that many acl's can be checked and we only want the one header.
Also inserting it when the request may get denied does not IMO make too much
sense.
Rob
Received on Wed Nov 22 2000 - 01:59:15 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:00 MST