Re: authentication with time out

From: Josh Kuperman <josh@dont-contact.us>
Date: Wed, 2 Feb 2000 15:18:56 -0500

        Hmm.. indeed. I apologize for this post if there is a way to
get more info from a redirection request than the requested URL. Does
it make sense for a redirector program to redirect to a cgi and have
that cgi return the originally requested web page? Wouldn't I
completely lose the benefits of Squid as a caching proxy server if I
did this? As far as I can tell given how Squid works, and a user I had
previous authenticated, it would need to go something like this:
request -> squid -> redirector -> cgi -> webpage. My basic
understanding is as follows. Both the redirector and the
authentication programs are called by Squid. The authenticator gets
the username/password and must write back "OK" or "ERR". The
redirector receives a URL and writes back either the original or a
different URL. But I don't have any other info on who is calling
either unless I can set up an acl of the form.

acl testcase src 1.2.3.4
acl arbitrary_program "/usr/sbin/my.pl"
acl arbitrary_parameter_list user_id ip_address
http_access allow testcase arbitray_program arbitrary_parameter_lists all

so that I can get all the parameters i need.

        The following PERL will work as either, authenticating
everyone or writing back the URL passed to it, that is it would
achieve nothing. But I have no idea (1) how to tell it when it is the
authenticator and when it is the redirector. (2) I don't know the user
when it is called as the redirector; every time the redirector is
called $_ will be a URL, while everytime the authenticator is called
$_ will be a space separated username and password..

#!/usr/bin/perl
$|=1;
while(<>) {
   if (authenticator) {print "OK\n";}
   if (redirector){ print; }
}
exit;

I know this will sound odd, but I really would like to avoid
subscribing to the squid developers list. Though unless there is an
arbitrary program hook is squid that can be triggered by an
acl/http_access combination it looks like I'll have to. Or did I miss
a configuration option to pass these programs other info.

On Tue, Feb 01, 2000 at 11:46:26PM +0100, Henrik Nordstrom wrote:
> Josh Kuperman wrote:
>
> > Is there a way to set up a form so I can redirect patrons to a
> > login/logout page that will tell them what's happening instead of just
> > the authentication box? I believe I saw someone on the list ask a
>
> Hmm.. you could take another approach by combining authentication with a
> redirector. Instead of denying the authentication, redirect them to a
> page telling them that their time is out.
>
> Squid asks the authentication program every authenticate_ttl interval.
>
> --
> Henrik Nordstrom
> Squid hacker

-- 
Josh Kuperman                       
josh@saratoga.lib.ny.us
Received on Wed Feb 02 2000 - 13:26:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:54 MST