Re: External ACL Problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 5 Jul 2002 00:33:21 +0200

The format used in authentication very much depends on the scheme
used.

You refer to the protocol used for Basic authentication helpers here.
That protocol is fundamentally flawed in that it does not protect the
data in any manner. I will not duplicate the same flaw in any new
protocols.

For the external_acl protocol I selected the simplicity of a single
line request/response protocol, and used the standard escape syntax
of using \ to escape sensitive characters. In future there is likely
to be another variant of the protocol using URL escaped strings.

In the long run we need to decide on a good style on how helper
protocols should be designed, but what can be said for certain is
that the way the Basic authentication protocol currently works is not
the way to do things. That \ should either be \ escaped into \\, or
URL encoded.

Regards
Henrik

On Thursday 04 July 2002 22.25, Guido Serassio wrote:
> Hi Henrik,
>
> Testing the winbind External ACL group helper, I have just found a
> problem:
>
> All authentication helpers handle the Windows domain\username
> syntax and the Squid interface gives them usernames in this syntax.
> But external ACL interfaces give me a domain\\username string.
> So, I think that it will be better if external ACL uses the same
> format as Authentication.
>
> About the winbind External ACL group helper: from command line it
> seems to work fine.
>
> Regards
>
> Guido
>
>
>
> -
> =======================================================
> Serassio Guido
> Via Albenga, 11/4 10134 -
> Torino - ITALY E-mail: guido.serassio@serassio.it
> WWW: http://www.serassio.it
Received on Thu Jul 04 2002 - 16:55:53 MDT
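
The backslash escaping discussed in the reply above, shown as an added example that is not part of the original thread and is not Squid's code. It assumes a wire format of one request per line with fields separated by a single space; the function names and sample values are hypothetical.

```python
# Added example, not Squid source. Assumed wire format: one request per line,
# fields separated by a single space, "\" escapes the character after it.

def escape_field(value: str) -> str:
    """Sender side: protect the separator, the line end and the escape char."""
    out = []
    for ch in value:
        if ch == "\n":
            out.append("\\n")        # a raw newline would end the request early
        elif ch == "\r":
            out.append("\\r")
        elif ch in ("\\", " "):
            out.append("\\" + ch)    # "\" becomes "\\", " " becomes "\ "
        else:
            out.append(ch)
    return "".join(out)

def build_request(fields: list[str]) -> str:
    return " ".join(escape_field(f) for f in fields) + "\n"

def parse_request(line: str) -> list[str]:
    """Helper side: split on unescaped spaces and undo the escaping."""
    if line.endswith("\n"):
        line = line[:-1]
    fields, cur = [], []
    chars = iter(line)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("dangling backslash at end of request")
            cur.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
        elif ch == " ":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def naive_parse(line: str) -> list[str]:
    """Unescaped format: the receiver cannot tell data from separators."""
    return line.rstrip("\n").split(" ")

if __name__ == "__main__":
    sample = ["CORP\\john smith", "Domain Admins"]  # constructed sample values
    wire = build_request(sample)
    print(repr(wire))                               # what the helper reads
    print(parse_request(wire))                      # original fields recovered
    print(naive_parse(" ".join(sample) + "\n"))     # field boundaries lost
```

A helper that reads `domain\\username` on such a line must unescape each field before comparing it with account names.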
