Re: About Authentication

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sat, 24 Feb 2001 08:17:25 +1100

The helper authentication protocol only passes username and password to
the authentication helper. The IP address is not used as a key in the
internal username index, so if you use the IP to authenticate, squid
will let other users through from different IP's without asking the
helper (squid caches the results). You can get squid to limit the user
to one IP, and if you did that then the IP address could be used.

Are you writing an NTLM or Digest or Basic authentication program ?

If you are writing a Basic one then the code you need to change is in
the src/auth/basic/auth_basic.c file. The framework doesn't currently
provide the IP address of the particular request being authenticated
(because of the logic above), so you'll need to extend that as well.

Do you mind if I ask why you need the IP address sent to the helper?
(Squid contains very functional ip address checking internally.)

Rob

----- Original Message -----
From: "Fernando Giorgetti" <fernando@gruponet.com.br>
To: <squid-dev@squid-cache.org>
Sent: Saturday, February 24, 2001 12:30 AM
Subject: About Authentication

> Hello,
>
> I'm developing an authenticate program to work with squid. And I
> need to know if exists a variable in the squid.conf that contain the
> client IP Address, because I will pass this variable as an argument to
> my program.
>
> Example:
>
> authenticate_program /usr/bin/gnauth CLIENT_IP_ADDRESS
>
> Can anybody tell me what can I pass a valid tag to
> "CLIENT_IP_ADDRESS" in my squid.conf?
>
> Or...
>
> In the squid source code, anybody knows where can I get the client
> IP Address and use it as an argument to the authenticate_program?
>
> Thanks.
>
> Fernando Giorgetti
> PS: Sorry my bad english.
>
>
Received on Fri Feb 23 2001 - 14:20:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:34 MST