Proxy Authentication (Possible Development)

From: Matthew <g2639@dont-contact.us>
Date: Thu, 6 Apr 2000 18:48:55 +0100

Squid provides very good access control but I would be interested to see
it provide an ACL (similar to proxy_auth) that doesn't request a user
name and password from the remote browser.

If an authenticate_program where then run with the source IP as an
argument through stdin then a more customisable authentication mechanism
would be available.

Example
On my school network i wrote a program that sits on one of the NT Domain
servers and simply listens on TCP port 1094. If a machine name such as
\\MCB001 is sent to this port, then my program replies with the User ID of
the user logged on to that machine. (This works be calling the
NetSessionEnum function which lists all sessions/logons with the PDC).

The above method could make this a very good authentication method (&
easy to implement).

As this is not available I had to write my own ACL in the squid source
that carried out this authentication operation (which worked v.well).

Does anyone else think that this slighty different proxy_auth method
would be very useful for authentication?

Other uses of this might be to replace squids 'src' ACL with an
authenticate_program that looked up an IP in an SQL database. In school
the 'allowed stations list' is constantly changing to allow access from
different class rooms - if squid could lookup a database (through this
authenticate_program) machines could easily be added and removed from the
allowed list.

I don't know - is this already possible?
Received on Thu Apr 06 2000 - 12:52:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:50 MST