Re: [squid-users] Authentication

From: <trainier@dont-contact.us>
Date: Thu, 15 Jan 2004 10:10:16 -0500

Is there a way for me to redirect to a specific URL if the user's password
is "blank"?
You suggested using an external ACL to block users with an expired
password. Here's how I'm expiring passwords, since I'm using the NCSA
helper:

When I create a user, it dumps a username, a 'tab' and an expiration date
to a file called "expired".
I have an agent that runs on a regular basis that watches the expired
file. The agent checks the file by grepping for today via a preformatted
date.
If anything returns from the grep expression, it removes the password from
the user's entry in the password file. A null password is assumed
expired.

Now. How can I tell squid, that if the user exists, but doesn't have a
password set, to redirect that user to a specific URL? i.e.:
http://proxycache/cgi-bin/chpasswd.cgi
Is this possible?
Is this what you were suggesting?
If not, is there some in-depth documentation on how the helpers work and
should I use a different helper?

I appreciate your patience with me. :-)

Tim

Henrik Nordstrom <hno@squid-cache.org>
01/14/2004 05:17 PM

 
        To: trainier@kalsec.com
        cc: squid-users@squid-cache.org
        Subject: Re: [squid-users] Authentication

On Wed, 14 Jan 2004 trainier@kalsec.com wrote:

> Using basic_auth with htpasswd files and would like to know if there's a
> way to:
> 1.) Expire passwords in squid, somehow.

Only if your helper supports password expiry. The NCSA helper does not,
but should be trivial to add.

You can also have something deleting expired users from the active
password file.

My gut feeling is that this is best implemented via an external ACL (with
a very short negative ttl), blocking access for users with an expired
password and sending them to a change password page instead.

It is also possible to make use of the message string from the
authentication helper to indicate that the password has expired but this
is less obvious to the users.

> 2.) Allow the users to change their passwords.

This has to be done via other means than Squid as HTTP does not have a
"Change password" method. See the Squid FAQ for some suggestions on how
this can be done.

Regards
Henrik
Received on Thu Jan 15 2004 - 08:10:39 MST
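
Added example (not part of the original thread, and not code from Squid or
from either poster): a minimal external ACL helper of the kind suggested
above, reading the "expired" file described in the reply. Assumptions: the
file path, the YYYY-MM-DD date format, the helper path and ACL names in the
commented squid.conf lines, no helper concurrency, and that the password
stays in the htpasswd file so the user can still authenticate and reach
this check.

```python
#!/usr/bin/env python3
# Added example, not from the thread. Assumed squid.conf wiring (names and paths hypothetical):
#   external_acl_type pw_expiry ttl=60 negative_ttl=1 %LOGIN /usr/local/bin/pw_expiry.py
#   acl pw_current external pw_expiry
#   http_access deny !pw_current
#   deny_info http://proxycache/cgi-bin/chpasswd.cgi pw_current
import sys
from datetime import date, datetime
from urllib.parse import unquote

EXPIRY_FILE = "/etc/squid/expired"  # assumed path; the thread only names the file "expired"
DATE_FORMAT = "%Y-%m-%d"            # assumed; the thread does not state the date format


def load_expiry(lines):
    """Parse 'username<TAB>date' lines. Lines without a tab are ignored;
    an unparsable date is stored as date.min so that user counts as expired."""
    table = {}
    for line in lines:
        user, sep, stamp = line.rstrip("\r\n").partition("\t")
        if not sep or not user:
            continue
        try:
            table[user] = datetime.strptime(stamp.strip(), DATE_FORMAT).date()
        except ValueError:
            table[user] = date.min
    return table


def check(request, table, today):
    """Answer one request line from Squid: the URL-escaped %LOGIN value."""
    user = unquote(request.strip())
    if not user or user == "-":
        return "ERR"
    expires = table.get(user)
    # Expired on or after the recorded date; users with no entry never expire.
    return "ERR" if expires is not None and expires <= today else "OK"


def main():
    for request in sys.stdin:
        try:
            with open(EXPIRY_FILE, encoding="utf-8") as fh:  # re-read so edits apply at once
                answer = check(request, load_expiry(fh), date.today())
        except OSError:
            answer = "ERR"  # fail closed when the expiry file cannot be read
        sys.stdout.write(answer + "\n")
        sys.stdout.flush()  # Squid waits for one reply line per request


if __name__ == "__main__":
    main()
```

The change-password URL has to be allowed ahead of the deny rule, otherwise
the redirect loops back into the same check.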
