All authentication with squid is with a third party. Squid uses
"helpers" to do the user verification, and then caches the result until
the user is inactive for a few minutes.
What you need to do is compile or build a authentication helper for
squid that will communicate with the user-database. There are modules
with squid that can do NCSA, unix 'getpwnam', redhat PAM, and SMB style
back end user validation.
You then edit your squid configuration file reflect when users need to
be authenticated, and to identify the helper to be used.
Note that the users passwords will cross the wire in plain-text. The
only authentication protocol currently available (and stable) for squid
is "BASIC" authentication. No-one is working on 'digest' authentication
yet, although the hooks to allow it are nearly ready. Finally NTLM
authentication for internet explorer users (and possibly recent
netscapes) is in experimental mode at the moment. Currently it can
identify the user, but it cannot identify if the user has the correct
password or not!
Rob
> -----Original Message-----
> From: Ben Mckellar [mailto:Ben@hotlinesupport.com]
> Sent: Tuesday, 1 August 2000 12:12 PM
> To: squid-users@ircache.net
> Subject: Authentication? Radius? External program?
>
>
> Hi,
>
> I am looking at squid authentication for the first time. I
> have thrown a
> few things around in my head like radius authentication off an already
> existing NT box, or a 3rd party authentication program.
>
> Which would be the easiest to setup? If i was using radius
> whats the breif
> outline of steps i would have to go through.
>
> If i was to use a 3rd party authentication program with squid
> what would it
> involve (breif outline) , if i chose this do i just point the
> section in the
> squid.conf file to the program ?
>
> your help/advice is appreciated.
>
> Thanx
>
> ---------------------------------------------------------------------
> Ben Mckellar - Hotline Support Pty Ltd
> ---------------------------------------------------------------------
>
>
Received on Mon Jul 31 2000 - 20:40:13 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:37 MST