RE: [SQU] Passing Username, Password and URL to authenticate prog ram

From: Kieran Skinner <kieran.skinner@dont-contact.us>
Date: Wed, 24 Jan 2001 12:35:36 -0000

Is this practical with really large numbers of users?

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: 24 January 2001 12:26
To: Kieran Skinner; squid-users@ircache.net
Subject: Re: [SQU] Passing Username, Password and URL to authenticate
program

Dead easy.

Compile squid with AUTHENTICATE_ON_ACCEL (see the list yesterday or
thereabouts - Henrik posted the exact steps). That will give
you authenticated acceleration capability.

From memory (and I may be wrong) you can also use
url/url_regex/dst/dst_domain acl's with acceleration.

So....

acl group1 proxy_auth john fred mary
acl group2 proxy_auth stephen mary joseph
acl server1 dst_domain server1.domain.com
acl server2 dst_domain server2.domain.com
acl server3 dst_domain server1.domain2.com

http_access allow group1 server1
http_access allow group1 server3
http_access allow group2 server2
http_access allow group2 server3

voila! no redirector, no alterations to squid :-]

Rob

----- Original Message -----
From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
To: "Robert Collins" <robert.collins@itdomain.com.au>;
<squid-users@ircache.net>
Sent: Wednesday, January 24, 2001 10:39 PM
Subject: RE: [SQU] Passing Username, Password and URL to authenticate
program

> Hi Rob,
>
> Basically I want to accelerate for multiple servers, with different users
> able to access different servers.
>
> The accelerated servers are on a mish mash of different hardware/software
> platforms so it will be easier for me to manager the user access
centrally,
> through squid and a user database. Hopefully, this will also mean that
the
> skills requird to administer the webservers may be lower.
>
> Henrick pointed out that the Redirector helpers would recieve both
username
> and url. So I guess I could authenticate username and password with an
> authentication program, then use the redirector to redirect the user to an
> error page if they try to access a server they are not supposed to. This
> could work but would be a bit messy.
>
> Maybee there are some other tricks to give me this functionality.
>
> Kieran
>
>
>
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: 23 January 2001 21:11
> To: Kieran Skinner; squid-users@ircache.net
> Subject: Re: [SQU] Passing Username, Password and URL to authenticate
> program
>
>
> Why do you need to? If you are looking to tie the username, password and
url
> together you will not be following the guidlines from
> rfc2617 for basic authentication)
> . If you are looking at getting digest authentication running, the front
end
> code is already present on sourceforge... feel free to
> jump in a write a directory integrated backend.
>
> Rob
>
> ----- Original Message -----
> From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
> To: <squid-users@ircache.net>
> Sent: Wednesday, January 24, 2001 12:04 AM
> Subject: [SQU] Passing Username, Password and URL to authenticate program
>
>
> >
> > Is it possible to pass the requested URL to a custom athentication
program
> > in addition to the username and password supplied.
> >
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
> >
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Jan 24 2001 - 05:38:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:33 MST