Re: [squid-users] Confused about authentication

From: Tim Neto <tneto@dont-contact.us>
Date: Thu, 06 May 2004 14:10:13 -0400

Hello Carlos,

I am using Squid 2.5 STABLE 5 and authenticating against SunONE
Directory 5.1/5.2. Here is a snippet of my Squid config for you. Give
it a try.

For user authentication use something like:

    auth_param basic program /usr/lib/squid/squid_ldap_auth -h myldapserver.domain.net -p 389 -P -b o=domain -f "uid=%s"

    Use an ACL - Access structure like:

        acl manager proto cache_object
        acl my_users proxy_auth REQUIRED
        acl my_networks src 192.168.1.0/24

        http_access allow manager my_users my_networks

For group authentication/control use something like:

    external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h myldapserver.domain.net -p 389 -P -b o=domain -F "uid=%s" -f "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))"

    Use an ACL - Access structure like:

        acl my_networks src 192.168.1.0/24
        acl proxy_group external ldap_group proxy

        http_access allow my_networks proxy_group

As to the encryption of the passwords, I'm not sure here. The browser
would have to send the encrypted password. I know my LDAP server's
passwords are encrypted. My users are able to authenticate. So...

Henrik might be able to answer the encryption question better. He was
very helpful when I was first setting up Squid here initially.

Thanks to everyone on this mailing list.

Tim

----------------------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer Komatsu Canada Limited
 Ph#: 905-625-6292 x265 1725B Sismet Road
 Fax: 905-625-6348 Mississauga, Ontario, Canada
 E-Mail: tneto@komatsu.ca L4W 1P9
----------------------------------------------------------------------

Carlos Martínez-Troncoso Cera wrote:

> Hello everybody.
> I want to authenticate my users against my LDAP Sun One Directory
> Server 5.1 when they want to use my squid 2.5 stable5 and I want
> encrypted passwords, reading about it I found that winbind is the
> solution, but with winbind I need an NT server (I don't like this...)
> How do I do this, what authentication schema can I use?
> Thanks a lot.
>
Received on Thu May 06 2004 - 12:10:23 MDT
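
Added example, not part of the original message or of Squid's code: a Python sketch of what the "basic" scheme in the config above carries and how the -F / -f filter templates are filled in. The sample user, password, DN layout (ou=people) and the RFC 4515 escaping step are assumptions made for illustration.

```python
import base64
import re

# Constructed sample: what a browser sends for user "jdoe", password "s3cret".
SAMPLE_HEADER = "Basic " + base64.b64encode(b"jdoe:s3cret").decode("ascii")


def parse_basic(header_value):
    """Recover (user, password) from a Proxy-Authorization: Basic value.

    No key is involved: base64 is an encoding, so anyone who can read the
    header between browser and proxy can read the password.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand(template, **values):
    """Substitute %s, %u and %g in one pass, escaping each inserted value."""
    def repl(match):
        return escape_filter_value(values[match.group(1)])
    return re.sub(r"%([sug])", repl, template)


if __name__ == "__main__":
    user, password = parse_basic(SAMPLE_HEADER)
    print("decoded from header:", user, password)
    # Step 1 (-F): find the user's entry. Step 2 (-f): test group membership.
    print(expand("uid=%s", s=user))
    user_dn = "uid=%s,ou=people,o=domain" % user  # assumed DN layout
    print(expand("(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))",
                 g="proxy", u=user_dn))
```
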
