Re: ident lookup made despite "ident_lookup off"

From: Dancer <>
Date: Tue, 10 Mar 1998 02:52:51 +1000

ADELINE E InfoRstTel wrote:
> Since I added an "user acl" in my squid;conf, ident lookups are made by Squid
> despite the "ident_lookup off".
> (I use proxy authentication).
> Is it a feature? And if it is, how to disable ident lookups (without patching
> the code)?

Quote from the config file:

// acl aclname user username ... # string match on ident output.
// # use REQUIRED to accept any
// # non-null ident.

(Someone will correct me if I'm wrong here)

I don't believe squid has any way of determining what the user name
associated with a connection is without using ident. That's what ident
is for: To find out what username is on the other end of a socket.

Therefore, it seems to me, that if you put in an 'acl ____ user _____'
without ident running, the acl would never pass unless squid turned
ident lookups on.

As it is (I just did a UTSL - does nobody read source-code anymore?),

    case ACL_USER:
        Config.identLookup = 1;

If you use the user acl, you get ident lookups automagically. Since you
have to have them for user acls to work, I guess you call it a feature.

Received on Mon Mar 09 1998 - 09:00:09 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:12 MST