RE: External group concept

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 5 Jul 2001 18:18:45 +1000

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Thursday, July 05, 2001 6:04 PM
> To: squid-dev@squid-cache.org
> Subject: External group concept
>
>
> It is about time to start thinking about how to implement external
> groups.
>
> As discussed earlier (see squid.sourceforge.net/ntlm/ for one achive)
> two concepts are needed
>
> a) Groups as returned by the authenticator
> b) Other groups, verified by a separate helper using
> "ident/login, IP,
> browser"
>
> 'b' is fairly straight forward to implement, but I am not very familar
> with the auth code changes needed for 'a' but I guess it shouldn't be
> too hard to add...
>
> I think both should match a single ACL type "group" if possible.

Yes. Both a and b need a "group" concept in squid. Adding users to
groups needs a global API of some sort - probably one function to add,
one to test for membership and one to free. After that coding a is
trivial for any given scheme.

IMO the groups shouldn't be a separate ACL type though - the proxy_auth
acl is effectively a group acl now, just not dynamic as users login. I'd
like the list of proxy_auth acl's to be extended as users login, and
users added and removed from the acl's as they login and are cleaned
from the user cache respectively.

Rob

>
> --
> Henrik
>
Received on Thu Jul 05 2001 - 02:28:59 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:05 MST