[squid-users] IDENT + external acl type

From: Pieterjan Heyse <pieterjan.heyse@dont-contact.us>
Date: Tue, 18 May 2004 13:02:01 +0200

Hi folks,

I'm trying to get external ACLs to work with the IDENT reply after I gave
up on NTLM auth.

When I configure squid to use it like this:

external_acl_type ident_auth concurrency=5 ttl=900 cache=5 %IDENT /root/auth.sh
acl browsing external ident_auth
http_access allow browsing

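and the script contains this:

#!/bin/sh
#
# External ACL helper: reads one IDENT username per line from Squid,
# answers OK if a matching row exists in the users table, ERR otherwise.
mysqluser=user
mysqlpass=pass
mysqlprog=`which mysql`
if [ "$mysqlprog" = "" ]; then
     # Report on stderr; stdout is read by Squid as helper replies.
     echo "MySQL not found!" >&2
     exit 1
fi
while read username; do
# echo $username
     status=`$mysqlprog -h <ip> -u $mysqluser -p$mysqlpass -D postfix \
     -e "SELECT clear FROM users WHERE email='$username'"`
     if [ "$status" = "" ]; then
         echo "ERR"
     else
         echo "OK"
     fi
done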

This works OK for a couple of requests, but when doing more than a
few requests (like 10) from one PC, some of the GET requests do not
get authenticated, so some websites display pages without or with only a few
images, or don't display at all.

I tried fiddling with

authenticate_cache_garbage_interval 5 minutes
authenticate_ttl 1 hour

but this did not help.

Is there any way to debug this, or are there any known problems with
this type of setup?

This is my squid version, on Debian sarge.
Squid Cache: Version 2.5.STABLE5
configure options: --prefix=/usr --exec_prefix=/usr
--bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid
--sysconfdir=/etc --localstatedir=/var/spool/squid
--datadir=/usr/share/squid --enable-async-io --with-pthreads
--enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter
--enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp
--enable-delay-pools --enable-htcp --enable-poll
--enable-cache-digests --enable-underscores --enable-referer-log
--enable-useragent-log --enable-auth=basic,digest,ntlm
i386-debian-linux

Thanks,

Pieterjan Heyse
 
 
Scheppersintituut Wetteren
Cooppallaan 128
9230 Wetteren
Tel: 09 3692072
Fax: 09 3661348
mailto:pieterjan.heyse@scheppers-wetteren.be
 
Received on Tue May 18 2004 - 05:02:04 MDT
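
A hardened variant of the helper script in the message above, added here as an example; it is not the poster's code or part of Squid. The IDENT reply is supplied by the client machine and ends up inside a quoted SQL literal, so this version rejects anything outside a conservative character set before querying. DB_HOST, DB_USER, DB_PASS and the --serve switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened external ACL helper (not the poster's script).
# Assumptions: same "postfix" database, "users" table and "email" column as
# in the post; DB_HOST, DB_USER, DB_PASS are placeholders from the environment.

# Accept only characters that cannot break out of the quoted SQL literal.
# A lone "-" is treated as "no IDENT reply" (assumption about how an empty
# value reaches the helper).
valid_ident() {
    case "$1" in
        ''|-) return 1 ;;
        *[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Succeeds only if a row exists. -N drops the column header, -B is batch
# output, so an empty result really is an empty string.
lookup_user() {
    row=$(mysql -N -B -h "$DB_HOST" -u "$DB_USER" -p"$DB_PASS" -D postfix \
        -e "SELECT 1 FROM users WHERE email='$1' LIMIT 1" 2>/dev/null) || return 1
    [ -n "$row" ]
}

# Exactly one reply line per request line; any failure is a denial.
answer() {
    if valid_ident "$1" && lookup_user "$1"; then echo OK; else echo ERR; fi
}

# Helper loop: one request per line on stdin, one reply per line on stdout.
# read -r keeps backslashes intact so the validator sees the raw value.
serve() {
    while IFS= read -r ident; do
        answer "$ident"
    done
}

# Enter the loop only when started with --serve, so the functions above can
# be sourced and exercised without a database or a running Squid.
if [ "${1:-}" = "--serve" ]; then
    serve
fi
```

In squid.conf the helper path would be followed by `--serve`; a database error or an invalid name both produce ERR, so the helper fails closed.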

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT