We want to check usernames to restrict access to certain sites.
You can solve this with ident or proxy_auth.
ident doesn't work on plain NT workstations.
For proxy_auth, you have to type an userid and a password, if you
want to surf
(and our customer thinks, that is too much work for his users).
To solve this problem I patched squid:
Now there are two new ACLs "srcname" and "srcname_regex".
Squid give the src-ipaddress to an external program (you can
configure this in squid.conf with "srcname_program"). That external
program gives something back to squid, which is checked against
these new ACLs. That reply is cached for a specified time
("srcname_ttl" in squid.conf).
As external program I modified "nmblookup" (from the samba
packet) a little bit.
With that you can check NT-usernames in squid without the need
to type userid and password.
There are some more situations, where you can use "srcname":
You want to make name-resolution against LDAP, you can check
your src-adresses directly against a database,....
There is just a little problem:
We don't have a WWW- or FTP-Server to put that patch on.
Can anyone put this patch on his server ?
Uli
'''
(0 0)
+------oOO----(_)--------------+
| Ulrich Herbst |
| debis Systemhaus ISM |
| Tel. ++49-7225-61-2220 |
| FAX ++49-7225-61-5222 |
| Ulrich.Herbst@debis.com |
+-------------------oOO--------+
|__|__|
|| ||
ooO Ooo
Received on Fri Feb 18 2000 - 01:37:18 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:20 MST