Henrik Nordstrom <hno@hem.passagen.se> writes:
>Thomas.Hansen.tmh./Copenhagen@manbw.dk wrote:
>> Is there any way I can prevent the same userid to access the
>> cache with more than one instant, i.e. if userid tmh is
>> connected from pc 172.16.1.1, "another" tmh cannot access
>> the cache from pc 172.16.1.2?
>I have a patch which makes shared username browsing a pain in the ass by
>requiring reauthentication (the login dialog pops up) from the client
>when an IP address switch is detected within a configurable time period.
>It also logs the action in cache.log.
If you use "smb_auth" for the external authentication, you have to
be aware that NT doesn't care about case sensitive usernames.
So "fillmore", "Fillmore" and "FiLlMoRe" are different users for
Squid but not for NT. We've applied the following patch against
Squid-2.2STABLE5 with Henrik's authenticate_ip_ttl patch to lowercase
all letters in the username:
-------------------- snip ----------------------------------
*** acl.c.org Mon Nov 1 16:11:37 1999
--- acl.c Mon Nov 1 16:15:36 1999
***************
*** 993,998 ****
--- 993,999 ----
{
char *sent_auth;
char *cleartext;
+ int i;
if (proxy_auth == NULL)
return 0;
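Review bot: the new `int i;` declaration feeds a loop that compares it against `strlen(*user)`, which returns size_t, so the comparison mixes signed and unsigned. Declare it as `size_t i;`, or drop the index and walk the string with a `char *` so no counter is needed.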
***************
*** 1017,1022 ****
--- 1018,1028 ----
debug(28, 1) ("aclDecodeProxyAuth: no password in proxy
authorization header\n");
return 0;
}
+
+ for (i=0; i< strlen(*user); i++) {
+ (*user)[i]=tolower((*user)[i]);
+ }
+
return 1;
}
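Review bot: in the added loop, `tolower((*user)[i])` is handed a plain char, which is undefined for negative values (bytes above 0x7f where char is signed); cast the argument, e.g. `tolower((unsigned char) (*user)[i])`. The condition also re-runs `strlen(*user)` on every iteration; testing `(*user)[i] != '\0'` avoids that. No `#include <ctype.h>` appears in the patch, so confirm acl.c already sees a declaration of tolower, and add a short comment saying the username is folded to lower case because the NT backend ignores case.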
-------------------- snap ----------------------------------
Now there are still two ways to share usernames:
- If you have two or more proxies with round-robin
- If one user logs on with "DOMAIN-NAME\username" and the other one
logs on with "username"
If you want to prevent this you might have a look at Dancer's
"ip_auth" patch (http://www2.simegen.com/~dancer/patches/ipauth.patch).
Regards,
Matthias Grund
-- 
Matthias Grund                 Tel: +49 451 882 1500
Draeger Synematic GmbH         Fax: +49 451 882 71500

Received on Tue Nov 02 1999 - 02:50:26 MST
This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:31 MDT
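
An added example, not part of the original post or of Squid: one way to canonicalize a login name so that the case variants and the "DOMAIN-NAME\username" form mentioned in the message compare as one account. The helper names `canonical_user` and `same_account` are hypothetical, and dropping the domain prefix assumes a single NT domain; it does nothing about the round-robin proxy case.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper (not Squid code): canonicalize a proxy-auth username
 * in place so that every spelling NT treats as the same account maps to one
 * key. Assumes a single NT domain, so a "DOMAIN\" prefix can be dropped;
 * with several domains, keep the prefix and lowercase the whole string. */
static char *
canonical_user(char *user)
{
    char *p, *name;

    if (user == NULL)
        return NULL;
    /* Drop everything up to and including the last backslash. */
    name = strrchr(user, '\\');
    if (name != NULL)
        memmove(user, name + 1, strlen(name + 1) + 1);
    /* tolower() needs an unsigned char value; a plain char above 0x7f
     * may be negative, which is undefined behaviour. */
    for (p = user; *p != '\0'; p++)
        *p = (char) tolower((unsigned char) *p);
    return user;
}

/* Returns 1 when two login strings name the same account after
 * canonicalization, 0 otherwise. Inputs are copied, not modified. */
static int
same_account(const char *a, const char *b)
{
    char ca[256], cb[256];

    if (strlen(a) >= sizeof(ca) || strlen(b) >= sizeof(cb))
        return 0;   /* refuse over-long names instead of truncating */
    strcpy(ca, a);
    strcpy(cb, b);
    return strcmp(canonical_user(ca), canonical_user(cb)) == 0;
}
```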