Re: [squid-users] authenticate_program

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sun, 27 May 2001 11:14:32 +1000

----- Original Message -----
From: "Matt Johnson" <mjohnson@iblp.org>
To: <squid-users@squid-cache.org>; <squid-dev@squid-cache.org>
Sent: Sunday, May 27, 2001 5:09 AM
Subject: [squid-users] authenticate_program

> I am wanting to use an external program to authenticate users
accessing my
> squid proxy server.
>
> One thing that I need to do is to have the IP address of the user to
be
> passed to my external authentication program.
>
> I'm wanting to know if there is a way I can do this in the squid.conf
file,
> or if it requires customizing the squid source code. If I need to
customize
> the source code, anyone have any suggestions on where to start?

You need to alter the squid-basic auth helper protocol. See
authenticate.c (2.4 and before) or src/auth/basic/auth_basic.c (2.5dev).
You also need to alter the in-squid logic to allow squid to treat two
users with the same name as different if they have different IP's.

> It would be rather nice if you could do something like:
> authenticate_program /home/mjohnson/code/auth.pl %IPADDRESS%

That cannot work. You only have one authenticate_program.

> Any suggestions on how to do this would be appreciated.

I'd suggest you revisit the need for the ip address. The authenticate
helper is meant for _authentication_ not _access control_. If the IP
address is part of logging the user into your user directory, then it
makes sense. If not, I suspect you will be making things more difficult
for yourself.

Rob

> Matt Johnson
>
Received on Sat May 26 2001 - 19:15:08 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:18 MST