Re: [squid-users] Authentication

Would the smb/winbind helper be able to do what I'm asking?

Or. Could you give me a little guidance on "writing a small helper that
tells squid the password is expired".
I don't have much of an idea on what that means. ;-)

TimR

Henrik Nordstrom <hno@squid-cache.org>
01/15/2004 01:24 PM

 
        To: trainier@kalsec.com
        cc: squid-users@squid-cache.org
        Subject: Re: [squid-users] Authentication

On Thu, 15 Jan 2004 trainier@kalsec.com wrote:

> Is there a way for me to redirect to a specific URL if the user's
password
> is "blank" ??
>
> You suggested using an external ACL to block users with an expired
> password. Here's how I'm expiring passwords, since I'm using the NCSA
> helper:
>
> When I create a user, it dumps a username, a 'tab' and an expiration
date
> to a file called "expired".
> I have an agent that runs on a regular basis that watches the expired
> file. The agent checks the file by grepping for today via a pre
formatted
> date.
> If anything returns from the grep expression, it removes the password
from
> the user's entry in the password file. A null password is assumed
> expired.

What I would suggest is to change this slightly. Instead of using that
agent which removes users from the password file, keep the users there and

instead write a small helper to Squid to verify that the user account have

not expired. Then redirect users failing this check to the change password

page.

This gives you the mechanism that when a usier logs in with an expired
account he is redirected to the change password page.

See the "external_acl_type", "acl external" and "deny_info" directives.

Regards
Henrik
Received on Fri Jan 16 2004 - 13:09:46 MST