Re: AW: [squid-users] Authenticator needs more knowledge

From: Robert Collins <robert.collins@dont-contact.us>
Date: 01 Sep 2001 21:54:02 +1000

On 01 Sep 2001 13:00:08 +0200, Michael Meiszl wrote:
> Thanks for your suggestions!
>
> > helpers are _expected_ to validate. To make a successful hack you would
> > need to make more extensive changes than just adding the ip address to
> > the information passed to the authenticator. However, all is not lost:
> Alas, I feel this is not what I need.
> For security reasons, the actual authenticating data is kept on a server a few hundret miles away from squid. So there is no chance to create acls. Also, this would give a
> rather long configuration file 'cause there are about 40000 users.
 
Thats not actually that long, I know of sites doing similar things with
50000+ users.

> > 2) You can use Henriks' external acl branch to perform these tests.
> > Squid will call out with a custom pattern - ie username ip and look for
> > OK or ERR. This is production read unfortnately.
> YEESSS! This one looks nice to me, where can I get my hands on it?
> (and please could you explain "This is production read unfortnately", as "english is not my natural language" ?)

Go to http://squid.sourceforge.net

Read around a bit.

"Not production ready" means that the code is still under development.
It may have bugs, errors, security holes.

Also note that with this configuration you will have:

* an authentication helper to test username + password validity
* an external acl helper to test username+ip validity.

Rob
Received on Sat Sep 01 2001 - 05:53:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:01 MST