Re: [squid-users] Authenticator protocol extensions

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 29 Nov 2002 09:58:25 +0100 (CET)

autinfo is heading in the direction of providing additional functionality
in authentication to be able to tell the user why their authentication
fails in the error message returned when authentication is required.

external_acl provides a generic way of adding custom acl checks to Squid,
but is not a direct replacement for authinfo. Depending on your
authentication backend it is however true that some of the functions of
auth_info can be implemented using external_acl.

Based on your problem description there is another development project of
interest to you.. deny_info_url. Allows deny_info to redirect the user to
a URL instead of sending a custom error page. Works wery well in
conjunction with external_acl to provide different messages for different
conditions (each condition requiring a unique external_acl lookup
however).

Regards
Henrik

On Fri, 29 Nov 2002, John Blance wrote:

> The external_acl scheme appears to provide more flexibility in
> determining whether a user is allow access or not.
>
> I have a need to check more of the user information and potentially
> redirect under certain conditions. That is, if the users' password is
> about to expire redirect them to a page that allows them to change it.
> [Why? Its a long story.....]
>
> I thought that the way to do it would do the test in the auth program,
> e.g. using an external_acl, and perhaps have three valid responses [OK,
> ERR & EXPIRED]. I would then need to deal with the additional
> response...
>
> It looked like the authinfo project was heading this way - is/was that
> true?
>
> Regards
>
> John Blance
> Technical Architect
> Canterbury District Health Board
> Direct Dial: 03 3640707
> john.blance@cdhb.govt.nz
> >>> Henrik Nordstrom <hno@marasystems.com> 11/29/02 15:19 PM >>>
> On Thursday 28 November 2002 23.46, John Blance wrote:
> > I am looking for the authenticator protocol extensions
> >
> > They are listed as in alpha on the page
> > http://devel.squid-cache.org/projects.html and owned by Pedro Lineu
> > Orso, but the view and download links seem to timeout
>
> Seems to be some kind of communication problem within the SourceForge
> servers prevending development patches to be downloaded via the web..
> will try to get this resolved (applies to all Squid development
> projects).
>
> Notes:
>
> The authinfo project is stale and has not been maintained for some
> time. Probably only works with Squid-2.4 without modifications.
>
> Some of the functionality of authinfo has been partially replaced by
> the external_acl scheme of Squid-2.5 and later.
>
> Regards
> Henrik
>
>
>
> **********************************************************************
> ** This email and attachments have been scanned for content and viruses
> and is believed to be clean **
>
> This email or attachments may contain confidential or legally
> privileged information intended for the sole use of the addressee(s).
> Any use, redistribution, disclosure, or reproduction of this message,
> except as intended, is prohibited. If you received this email in error,
> please notify the sender and remove all copies of the message,
> including any attachments. Any views or opinions expressed in this
> email (unless otherwise stated) may not represent those of Canterbury
> District Health Board
> **********************************************************************
>
Received on Fri Nov 29 2002 - 01:58:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:39 MST