Re: [SQU] Limitations

The other two problems can be solved with a custom proxy_auth helper.

The auth helper can query the other proxy to verify the login if the
user is not known in the local user database.

Squid does not care how users are stored. This is an issue for the
helper process. As I said there exists many different helpers for
accessing various database driven user databases, for example LDAP,
Radius, and many more, including any source for which there exists a PAM
integration module.

Users can be stored in databases in about one zillion different ways, in
a wide varity of databases. To tell what helper you need you MUST decide
on exacly how you want to have the users stored, where, and why.

Also, NCSA style password files IS one kind of database, even if
somewhat limited in what it can express (only a single table where the
two first columns are predefined to username and crypt() "encoded"
password). There are database engines which allows you to run SQL
against such files (column structured txt files), some even supporting
transactions.

--
Henrik Nordstrom
Squid hacker
Henrik Nordstrom wrote:
> 
> Your problem is that Squid cannot correcly parse a config file with
> spaces in the user name.
> 
> Attached is a small patch which should allow you to write the username
> using URL escaping syntax (%20 for space)
> 
>    login=first%20last-name:password
> 
> --
> Henrik Nordstrom
> Squid hacker
> 
> Devin Teske wrote:
> >
> > Hello,
> >
> > I'm hitting major limitations here with squid. The fact that it can't handle
> > usernames for an upstream proxy with spaces in it, that you can't set a
> > fallback authentication proxy, and the fact that you can't set up you users
> > in a database, is hampering my project.
> >
> > The only way I can see myself of getting over those limitations is if I knew
> > how to program in C++ and reprogram parts of squid and/or helper
> > applications.
> >
> > So, is there anything more powerful than squid (one preferrably that has
> > those features)? I need something! ((Delagate? Proxy Soft?))
> >
> > Thank you in advance,
> > Devin Teske
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> 
>     ---------------------------------------------------------------
> Index: cache_cf.c
> ===================================================================
> RCS file: /server/cvs-server/squid/squid/src/cache_cf.c,v
> retrieving revision 1.371
> diff -u -w -r1.371 cache_cf.c
> --- cache_cf.c  2001/01/25 23:01:56     1.371
> +++ cache_cf.c  2001/01/28 00:44:42
> @@ -1232,6 +1232,7 @@
>  #endif
>         } else if (!strncasecmp(token, "login=", 6)) {
>             p->login = xstrdup(token + 6);
> +           rfc1738_unescape(p->login);
>         } else if (!strncasecmp(token, "connect-timeout=", 16)) {
>             p->connect_timeout = atoi(token + 16);
>  #if USE_CACHE_DIGESTS
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html