Re: External Auth

From: David Richards <dj.richards@dont-contact.us>
Date: Wed, 18 Nov 1998 09:45:52 +1000 (EST)

Marc,

        I am well aware that this is in squid. We are using this
technology here at QUT. However, the only problem we face is that we had
to hack the code so that not only were the details of user and password
sent to the authenticator, but also the client IP and URL they were
trying to access.

        What I would like to see is the whole authentication structure
passed onto the authenticator's "stdin" socket. Maybe the first 4 bytes
[sizeof(int)] could be the size of the structure being passed, then
the rest being the structure itself.

        The authenticator may look something like this:

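        /* Needs <stdlib.h>, <string.h> and <unistd.h>; auth_struct and
           send_buf are assumed to be fixed-size buffers. */

        /* Get the auth structure. */
        read( STDIN_FILENO, &struct_size, sizeof( int ) );
        /* Reject a length that would overrun auth_struct. */
        if ( struct_size <= 0 || struct_size > (int) sizeof( auth_struct ) )
                exit( 1 );
        read( STDIN_FILENO, auth_struct, struct_size );

        /* Perform authentication. */

        /* Fill in return structure. */
        /* the result of authentication.*/

        /* Send result. */
        struct_size = sizeof( auth_struct );
        memset( send_buf, 0, struct_size + sizeof( int ) );
        memcpy( send_buf, &struct_size, sizeof( int ) );
        memcpy( &send_buf[ sizeof( int ) ], auth_struct, struct_size );
        write( STDOUT_FILENO, send_buf, struct_size + sizeof( int ) );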

Seeya,

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
David Richards
Network Programmer
Internetworking Software Services, Computing Services
Queensland University of Technology
Level 12, 126 Margaret Street
Brisbane QLD 4001, Australia
E-mail: dj.richards@qut.edu.au
Ph: +61 7 3864 4347 Fax: +61 7 3864 5272
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-

On Tue, 17 Nov 1998, Marc van Selm wrote:

> At 02:16 PM 11/16/98 +1000, David Richards wrote:
> >Arjan,
> >
> > I am wondering, if it would be possible to pass the entire
> >authentication structure to the external authentication process??
> >
> > The external auth process should then pass back the authentication
> >structure. If any modifications are made, this should then replace the
> >authentication structure in squid.
>
> That's already in. Squid-2.x has it built in and Squid-1.1.x needs a patch
> (am I correct?) I currently have a working version on Squid-2.x with RADIUS. The
> external authenticator gets a line with "user passwd" and the authenticator
> sends OK or ERR. In my case the RADIUS authenticator does the rest. (My kit is
> based on code found in the Cistron-radiusd kit by the way...)
>
> Marc
>
> >
> >Thanks,
> >
> >-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
> >David Richards
> >Network Programmer
> >Internetworking Software Services, Computing Services
> >Queensland University of Technology
> >Level 12, 126 Margaret Street
> >Brisbane QLD 4001, Australia
> >E-mail: dj.richards@qut.edu.au
> >Ph: +61 7 3864 4347 Fax: +61 7 3864 5272
> >-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
> >
> ---------------------------------------------------------------------
> Marc van Selm
> NATO C3 Agency
> Communication Systems Division, A-Branch
> Tel: +31 70 3142454
> ---------------------------------------------------------------------
> Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
>
> "Push to test." <click> "Release to detonate."
>
Received on Tue Nov 17 1998 - 16:28:58 MST
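
Added example (not part of the original messages and not Squid code): the length-prefixed framing proposed in the message above, written in C so that the length prefix is validated before it is used and short reads on the pipe are handled. The function names and the MAX_FRAME limit are assumptions made for this illustration.

```c
/* Added example: bounded, length-prefixed frames between a proxy and its
 * external authenticator.  Function names and MAX_FRAME are assumptions. */
#include <errno.h>
#include <unistd.h>

#define MAX_FRAME 4096          /* assumed cap on one auth structure */

/* Read exactly n bytes; pipes can return short counts.  0 = ok, -1 = fail. */
static int read_full(int fd, void *buf, size_t n)
{
    char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;          /* error, or EOF in mid-frame */
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Write exactly n bytes.  0 = ok, -1 = fail. */
static int write_full(int fd, const void *buf, size_t n)
{
    const char *p = buf;
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0 && errno == EINTR) continue;
        if (w <= 0) return -1;
        p += w; n -= (size_t)w;
    }
    return 0;
}

/* Read one frame into buf (capacity cap).  Returns the payload length, or -1
 * if the prefix is non-positive, exceeds cap or MAX_FRAME, or input ends early. */
int recv_frame(int fd, void *buf, size_t cap)
{
    int len;
    if (read_full(fd, &len, sizeof len) != 0) return -1;
    if (len <= 0 || len > MAX_FRAME || (size_t)len > cap) return -1;
    return read_full(fd, buf, (size_t)len) == 0 ? len : -1;
}

/* Write the int length prefix followed by len payload bytes.  0 = ok. */
int send_frame(int fd, const void *buf, int len)
{
    if (len <= 0 || len > MAX_FRAME) return -1;
    if (write_full(fd, &len, sizeof len) != 0) return -1;
    return write_full(fd, buf, (size_t)len);
}
```

The prefix is a native int, as in the proposal, so both ends must share the same int size and byte order.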
