Re: [SQU] Passing Username, Password and URL to authenticate program

As practical as a external helper program - the management has to be done somewhere. You can use external files to hold your user
lists and domain lists. Squid will let you combine acl's in arbitrarily complex arrangements...

Rob

----- Original Message -----
From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
To: "Robert Collins" <robert.collins@itdomain.com.au>; <squid-users@ircache.net>
Sent: Wednesday, January 24, 2001 11:35 PM
Subject: RE: [SQU] Passing Username, Password and URL to authenticate program

> Is this practical with really large numbers of users?
>
> -----Original Message-----
> From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> Sent: 24 January 2001 12:26
> To: Kieran Skinner; squid-users@ircache.net
> Subject: Re: [SQU] Passing Username, Password and URL to authenticate
> program
>
>
> Dead easy.
>
> Compile squid with AUTHENTICATE_ON_ACCEL (see the list yesterday or
> thereabouts - Henrik posted the exact steps). That will give
> you authenticated acceleration capability.
>
> From memory (and I may be wrong) you can also use
> url/url_regex/dst/dst_domain acl's with acceleration.
>
> So....
>
> acl group1 proxy_auth john fred mary
> acl group2 proxy_auth stephen mary joseph
> acl server1 dst_domain server1.domain.com
> acl server2 dst_domain server2.domain.com
> acl server3 dst_domain server1.domain2.com
>
> http_access allow group1 server1
> http_access allow group1 server3
> http_access allow group2 server2
> http_access allow group2 server3
>
> voila! no redirector, no alterations to squid :-]
>
> Rob
>
>
>
>
> ----- Original Message -----
> From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
> To: "Robert Collins" <robert.collins@itdomain.com.au>;
> <squid-users@ircache.net>
> Sent: Wednesday, January 24, 2001 10:39 PM
> Subject: RE: [SQU] Passing Username, Password and URL to authenticate
> program
>
>
> > Hi Rob,
> >
> > Basically I want to accelerate for multiple servers, with different users
> > able to access different servers.
> >
> > The accelerated servers are on a mish mash of different hardware/software
> > platforms so it will be easier for me to manager the user access
> centrally,
> > through squid and a user database. Hopefully, this will also mean that
> the
> > skills requird to administer the webservers may be lower.
> >
> > Henrick pointed out that the Redirector helpers would recieve both
> username
> > and url. So I guess I could authenticate username and password with an
> > authentication program, then use the redirector to redirect the user to an
> > error page if they try to access a server they are not supposed to. This
> > could work but would be a bit messy.
> >
> > Maybee there are some other tricks to give me this functionality.
> >
> > Kieran
> >
> >
> >
> >
> > -----Original Message-----
> > From: Robert Collins [mailto:robert.collins@itdomain.com.au]
> > Sent: 23 January 2001 21:11
> > To: Kieran Skinner; squid-users@ircache.net
> > Subject: Re: [SQU] Passing Username, Password and URL to authenticate
> > program
> >
> >
> > Why do you need to? If you are looking to tie the username, password and
> url
> > together you will not be following the guidlines from
> > rfc2617 for basic authentication)
> > . If you are looking at getting digest authentication running, the front
> end
> > code is already present on sourceforge... feel free to
> > jump in a write a directory integrated backend.
> >
> > Rob
> >
> > ----- Original Message -----
> > From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
> > To: <squid-users@ircache.net>
> > Sent: Wednesday, January 24, 2001 12:04 AM
> > Subject: [SQU] Passing Username, Password and URL to authenticate program
> >
> >
> > >
> > > Is it possible to pass the requested URL to a custom athentication
> program
> > > in addition to the username and password supplied.
> > >
> > >
> > > --
> > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> > >
> > >
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html