[squid-users] How to use external authentication and authorisation helpers ?

From: Markus Moeller <huaraz@dont-contact.us>
Date: Sat, 19 May 2007 18:48:41 +0100

I am new to squid and I try to understand how squid has to be configured for
authentication and authorisation.
For example if I want to authenticate a user with NTLM or Negotiate and
authorise depending on ldap group memberships.

I was thinking that I need:

auth_param ntlm program
/path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm keep_alive on
auth_param ntlm children 5

external_acl_type ldap_group ttl=3600 negative_ttl=3600 children=5 %LOGIN
/path/to/helper url=ldap://server.com bind=DC=SERVER,DC=COM

acl ntlm proxy_auth REQUIRED
acl ldap_check external ldap_group SQUID_USER

http_access allow ldap_check
# And finally deny all other access to this proxy
http_access deny all

What I was wondering is how does the authentication helper get invoked ? Do
I need also

http_access allow ntlm

or will ldap_check know that ntlm authentication has to be invoked to get
%LOGIN details ?

Thank you
Markus
Received on Sat May 19 2007 - 11:49:46 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT