[squid-users] Re: authentication modules

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 26 Oct 2003 09:30:22 +0100 (CET)

On Sun, 26 Oct 2003, Ilya wrote:

> If i want to realize such scheme, i need to have some way to
> get a client`s IP address.
> Is it possible to change the scheme of basic authenticaion?
> So, for example, i want to get "username IPaddress" instead
> of "username password" from stdin.

I said out-of-band authentication. This means YOU must find some method
whereby you can learn who the username per IP address is. HTTP can not
give you this information automatically.

Once you have found such method, the external_acl hooks of Squid can be
used to make Squid query your system who the username is on that IP.

alternatively you can use the already existing out-of-band ident
identification method. This just requires you to install ident servers on
all clients.

If you want to use in-band HTTP authentication then you need
to use the authentication schemes as is, which means the user providing a
login + password to his browser so the browser can authenticate to Squid.

Regards
Henrik
Received on Sun Oct 26 2003 - 01:30:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:40 MST