rem wrote:
>
> hello squid-users!
>
> i have a linux 2.4 box with squid installed and having ncsa_auth as
> authentication methond. squid executable spawns a specified number of
> ncsa_auth processes and binds them to some high number ports, BUT
> is it possible to specify these ports to be bound to?
Not really.
> the problem is that i have several shell users (SSH shell) on the
> system and i don't want them to create processes that bind themselves
> to specific ports that can be accessed remotely or even locally
> (because they can use ssh forwarding and use them remotely). for that
> reason i have firewalled out even unwanted localhost->localhost TCP
> transfers and squid authentication as a result does not work, unless i
> specifically allow these ports in firewall (which is dirty, as the
> port numbers change on squid/system restarts, etc)
You can switch Squid to use another transport method than TCP/IP.
a) You could try http://devel.squid-cache.org/projects.html#unix_sockets
b) Or change thre relevant calls to ipcCreate() to specify IPC_PIPE
instead if IPC_TCP_STREAM.
> is there a way how to solve this problem without changing
> authetication shceme? if not, which authetication would you recommend?
Switching authentication scheme wont make a difference here.
Regards
Henrik Nordström
Squid Hacker
Received on Fri Oct 19 2001 - 01:15:17 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:52 MST