On Fri, 7 Jul 2000, John F. Navratil wrote:
> Greetings!
>
> I need to understand authentication from "soup to nuts" and I haven't gotten
> as far as the first 's'.
>
> Can anyone give me a thumbnail description of the authentication process and
> point me to the docs. I don't mind doing my own research, I just need to
> get booted in the right direction.
I took a stab at it:
23.1. How does Authentication work in Squid?
Note: The information here is current for version 2.4.
Authentication is actually performed outside of main Squid process.
When Squid starts, it spawns a number of authentication subprocesses.
These processes read usernames and passwords on stdin, and reply with
"OK" or "ERR" on stdout. This technique allows you to use a number of
different authentication schemes, although currently you can only use
one scheme at a time.
The Squid source code comes with a few authentcation processes. These
include:
o LDAP: Uses the Lightweight Directory Access Protocol
o NCSA: Uses an NCSA-style username and password file.
o MSNT: Uses a Windows NT authentication domain.
o PAM: Uses the Linux Pluggable Authentication Modules scheme.
o SMB: Uses a SMB server like Windows NT or Samba.
o getpwam: Uses the old-fashioned Unix password file.
In order to authenticate users, you need to compile and install one of
the supplied authentication modules, one of the others
<http://www.squid-cache.org/related-software.html#auth>, or supply
your own.
You tell Squid which authentcation program to use with the
authenticate_program option in squid.conf. You specify the name of
the program, plus any command line options if necessary. For example:
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
Received on Tue Jul 11 2000 - 14:43:20 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:30 MST