Hi Steve / Anybody else interested
After a few weeks we got an internal programmer to add the features we
wanted to the auth system
We actually have it done for basic and for digest..
I am not sure about the posting of files to this list so I won't post
it but if anybody was willing to take the code and maintain it I would
be more than happy to post it up somewhere.
basically it converts a plain username
example:
username = fred / fred becomes fred@10.0.0.50
if fred auths with fred@exampledomain.com
then the modification actually ignores the ip appendage and continues
on it's way
I hope this makes some sense and is roughly what people are looking for
Please let me know what I should be doing with this patch and where I
can submit it for future users as I do not want it just left in the
dark and would of course love to see somebody actively maintaining it.
PS. This patch is only tested and used on version 2.5 Stable release
(somebody else may have better luck with modifying it to suite versions
onwards)
Scott
On 11/04/2005, at 1:19 PM, Steve wrote:
> Hi David and all,
>
> I found this thread in the old archive of squid-users.
> Any updates on the status of your patch you mentioned before?
>
> Thanks,
> Steve.
>
> David Brown wrote:
>
>> On Wed, 19 Jan 2005 23:17:58 +0100 (CET), Henrik Nordstrom
>> <hno@squid-cache.org> wrote:
>>
>>> On Mon, 17 Jan 2005, Scott wrote:
>>>
>>>
>>>> Sorry Henrik, should have elaborated a little... I have over 1000
>>>> customer
>>>> sites.. that would be a little ugly to set up and very ugly to
>>>> maintain.
>>>>
>>> Not very, but a little yes.
>>>
>>>
>>>>> It must be another proxy (such as Squid) and it must support
>>>>> forwarding of
>>>>> the user credentials to another proxy but with a modified username
>>>>> (which
>>>>> Squid does btw.. see the login= cache_peer option).
>>>>>
>>>> I'll take a look at this me thinks
>>>>
>>> I am not sure you will find any which does what you want.
>>>
>>> Probably easier to modify Squid to your desires. If you use Basic
>>> authentication then all you should need to modify is the decoding of
>>> the
>>> authentication header to always add the client ip to the username.
>>>
>>> see src/auth/basic/auth_basic.c authenticateBasicDecodeAuth()
>>>
>>>
>>
>> Henrik / All,
>>
>> My company has actually subcontracted out this partcular task and we
>> implemented the solution yesterday. (We needed to do username
>> rewriting based on client source IP). The code writers have said that
>> they are happy to release the patch to the community however there's a
>> raft of red tape, intellectual property and management approval to be
>> done before we can. Hopefully there won't be any objections and we can
>> release the patch for possible inclusion in squid.
>>
>> Will keep the list posted.
>>
>> Regards
>> David Brown
>>
>>
>>> Regards
>>> Henrik
>>>
>>>
>>
>>
>>
>
This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. Please notify the sender
immediately by email if you have received this email by mistake and delete this email
from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for the presence of
viruses. The organisation accepts no liability for any damage caused by any virus
transmitted by this email.
Received on Sun Apr 10 2005 - 22:38:02 MDT
This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT