Re: [squid-users] Authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 15 Jan 2004 19:24:42 +0100 (CET)

On Thu, 15 Jan 2004 trainier@kalsec.com wrote:

> Is there a way for me to redirect to a specific URL if the user's password
> is "blank" ??
>
> You suggested using an external ACL to block users with an expired
> password. Here's how I'm expiring passwords, since I'm using the NCSA
> helper:
>
> When I create a user, it dumps a username, a 'tab' and an expiration date
> to a file called "expired".
> I have an agent that runs on a regular basis that watches the expired
> file. The agent checks the file by grepping for today via a pre formatted
> date.
> If anything returns from the grep expression, it removes the password from
> the user's entry in the password file. A null password is assumed
> expired.

What I would suggest is to change this slightly. Instead of using that
agent which removes users from the password file, keep the users there and
instead write a small helper to Squid to verify that the user account have
not expired. Then redirect users failing this check to the change password
page.

This gives you the mechanism that when a usier logs in with an expired
account he is redirected to the change password page.

See the "external_acl_type", "acl external" and "deny_info" directives.

Regards
Henrik
Received on Thu Jan 15 2004 - 11:24:46 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:06 MST