Re: [SQU] Credentials forwarding? from Henrik Nordstrom on 2000-12-17 (squid-dev)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 17 Dec 2000 13:12:40 +0100

Nope. But I did now an I do like the option but not the implementation.

The implementation should kill flags.used_proxy_auth and instead look
for the peer option.

WWW authentication can always be forwarded I think.

So what I have done now is to take your patch and mangle it quite a bit.
Instead of a new cache_peer option it now uses login=PASS, and WWW
authentication is always forwarded. The fact that accelerators actually
doing authentication might want want something else is ignored with only
a code comment (accelerators with authentication not an officially
supported thing, and requires reading code to enable in the first
place..). The modified patch is in the sourceforge CVS under the tag
"upstreamauth".

/Henrik

Robert Collins wrote:
>
> Ermm - has anyone had a chance to look over the patch I sent in creating a
> cache_peer option for forwarding authentication?
>
> Rob
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
> Cc: "'squid users mailing list'" <squid-users@ircache.net>
> Sent: Saturday, December 16, 2000 7:55 PM
> Subject: Re: [SQU] Credentials forwarding?
>
> > Chemolli Francesco (USI) wrote:
> > >
> > > I've noticed that it's possible to supply a "login=user:pass"
> > > option to the cache_peer configuration option.
> > >
> > > What I'd like to do is forwarding the credentials that the user
> > > supplied, given that all caches have the same user database.
> > >
> > > Is it possible? If so, how? Thanks.
> >
> >
> > Currently the proxy authentication forwarding mechanisms in Squid is
> > utterly flawed.
> >
> > What should be done is that the current "forward unless used locally"
> > mechanism should be ripped out, and instead a cache_peer option should
> > be added. This also partly applies when doing www-authentication in
> > accelerators.
> >
> > Search for PROXY_AUTH in http.c, and you will notice the flawed if
> > statements I am talking about.
> >
> > --
> > Henrik Nordstrom
> > Squid hacker
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
> >
Received on Sun Dec 17 2000 - 05:16:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:05 MST