Re: auth_rewrite from Robert Collins on 2001-01-04 (squid-dev)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 5 Jan 2001 02:25:31 +1100

Well for auth_rewrite itself it's pretty straightforward (basic authentication). Down the track however you have to handle
challenge/response to test authentication. Leaving that aside...

For the purposes of testing squid's basic auth scheme:

setup squid with NCSA/pam whatever auth works for you configured for (say) all requests.

in the polygraph requests ask for objects that are protected by proxy_auth acl's (either assume all, or wait for a 407 response to a
normal request) with Proxy-authenticate headers (basically username:password).

I think a reasonable number of discrete users should be tested in parallel - say 200/300. IIRC polygraph tests are over a longish
time? Say 4-5 hours? have each user run a 'session' of requests - ie 30 minutes of requests, then nothing for 30 minutes, repeat.
This will allow testing the garbage collection stuff.

test the same user from multiple IP's.

That should be about it. I'm actually not expecting any problems... but I would _love_ to know if it is faster or slower than HEAD.
(remembering Henriks new request path is in there as well).

The acid test for speed would be a reasonable number of proxy_auth acl entries - say 50 proxy_auth_regex entries.

(To be honest I haven't actually thought through exactly what does need to be benchtested for authentication. Feel free to improvise
what you'd expect to see in an enterprise authenticating it's users.)

Down the track the tests will need to encompass replay attack detection/multiple users with different auth schemes/memory use...
Rob

----- Original Message -----
From: "Alex Rousskov" <rousskov@measurement-factory.com>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Friday, January 05, 2001 2:03 AM
Subject: Re: auth_rewrite

> On Thu, 4 Jan 2001, Robert Collins wrote:
>
> > the auth_rewrite branch is now stable (unless someone has a
> > polygraph test that handles authentication).
>
> If you tell me exactly what authentication abilities/features are
> required for your tests, I will try to add them to Polygraph.
>
> Thanks,
>
> Alex.
>
>
Received on Thu Jan 04 2001 - 08:14:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:09 MST