fake user and group, and new icap header X-Authenticated-Groups proposition

From: Arno _ <r_no@dont-contact.us>
Date: Mon, 7 Apr 2008 13:09:58 +0200

Hello,
In my configuration I have 2 Bluecoat proxies talking to a Webwasher via ICAP to control the URL.
And I also have a squid 3.0 for my test and some special production purpose.
My squid is doing a limited authentication, using basic or none for some IP range. I can't and don't want to do any other kind of authentication as I do on the production proxy.
 
So to be able to make it work with the ICAP server (webwasher in my case) I need to send user name and user group to it so that I can control on the Webwasher the URL accessed from the test user and some production server.
 
Since on the current squid (3 stable 4) there is nothing to let me cheat with the ICAP entry, I decided to add some features to it.

I added the following ICAP options:
icap_fake_client_username: lets me specify the client username that has to be put into the icap-client-username ICAP header, applied only if icap_send_client_username is set; no default.

icap_client_group_header: lets me create a header to be sent in the ICAP header; by default it's set to X-Client-Groups, and, for now, it is only used if the next field is present.

icap_fake_client_group: lets me specify the client group that has to be put into the icap-client-group ICAP header; no default.

TODO if possible: retrieve the client-group from the authentication procedure, if done in NTLM, AD, LDAP or another method that will allow this information. But I think it will need a lot of changes.

The changes are made to the following files:
cf.data.pre
ICAP/ICAPConfig.h
ICAP/ICAPModXact.cc

Sound interesting?
Someone willing to give me instructions on how to continue the job?
Suggestions on ways to improve it?

Full code on request, as 3 diff files or just cut and paste, of course.

Regards,

arno
Received on Mon Apr 07 2008 - 05:10:05 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 30 2008 - 12:00:07 MDT
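
The header selection the message describes, as an added example that is not the poster's patch or Squid's code. The struct and function names are hypothetical, X-Client-Username is assumed as the username header name, the configured username is assumed to override an authenticated one, and the CR/LF check on configured values is an addition of this example.

```cpp
#include <iostream>
#include <optional>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the options named in the message; not Squid's ICAPConfig.
struct IcapIdentityConfig {
    bool send_client_username = false;                       // icap_send_client_username
    std::string client_username_header = "X-Client-Username"; // assumed header name
    std::optional<std::string> fake_client_username;         // no default
    std::string client_group_header = "X-Client-Groups";     // default given in the message
    std::optional<std::string> fake_client_group;            // no default
};
using Header = std::pair<std::string, std::string>;

// Configured text ends up in a header line sent to the ICAP server, so
// refuse anything that could start a second header (CR, LF, NUL).
static const std::string &safeValue(const std::string &v) {
    if (v.empty() || v.find_first_of(std::string("\r\n\0", 3)) != std::string::npos)
        throw std::invalid_argument("unsafe ICAP header value");
    return v;
}
// Header names additionally must not contain separators.
static const std::string &safeName(const std::string &n) {
    if (n.find_first_of(" \t:") != std::string::npos)
        throw std::invalid_argument("unsafe ICAP header name");
    return safeValue(n);
}

std::vector<Header> identityHeaders(const IcapIdentityConfig &cfg,
                                    const std::optional<std::string> &authenticatedUser) {
    std::vector<Header> out;
    if (cfg.send_client_username) {
        // Assumption: the configured name replaces the authenticated one.
        const auto &name = cfg.fake_client_username ? cfg.fake_client_username : authenticatedUser;
        if (name) out.emplace_back(safeName(cfg.client_username_header), safeValue(*name));
    }
    // The group header is emitted only when a group value is configured.
    if (cfg.fake_client_group)
        out.emplace_back(safeName(cfg.client_group_header), safeValue(*cfg.fake_client_group));
    return out;
}

int main() {
    IcapIdentityConfig cfg;                      // constructed sample values
    cfg.send_client_username = true;
    cfg.fake_client_username = "testuser";
    cfg.fake_client_group = "testgroup";
    for (const auto &h : identityHeaders(cfg, std::nullopt))
        std::cout << h.first << ": " << h.second << "\r\n";
}
```

Because both values come from the proxy configuration rather than from authentication, the ICAP server's policy decisions rest on trusting the proxy that sends them.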