I am using squid_ldap_auth as shipped with squid 2.5stable5,
and also squid_ldap_group, but that's off topic.
To which version do I need to upgrade?
The most recent update on the subject I could find was for 2.5ST4 (bugzilla#789)
Andrew.
Quoting Tim Neto <tneto@komatsu.ca>:
>
> Hello Andrew,
>
> What external authentication helper are you using? LDAP, SAMBA, or ... ???
>
> The helper program needs to be upgraded to effectively respond with
> "ERR" to these types of requests.
>
> Tim
>
> -----------------------------------------------------------
> Timothy E. Neto
> Computer Systems Engineer Komatsu Canada Limited
> Ph#: 905-625-6292 x265 1725B Sismet Road
> Fax: 905-625-6348 Mississauga, Canada
> E-Mail: tneto@komatsu.ca L4W 1P9
> -----------------------------------------------------------
>
>
>
> apmailist@free.fr wrote:
>
> >Hi,
> >
> >
> >Putting a whitespace prefix or suffix in the username at authentication time
> >causes:
> >
> > - ACLs based on username to be circumvented
> > - access.log analysis to be fooled.
> >
> >This is because a "%20" is put in place of the whitespace:
> > %20username
> >or username%20
> >
> >
> >Is there a rule or option to reject all usernames containing a whitespace?
> >Or should I put a special ACL to deny access to those users who put a
> >whitespace by mistake?
> >The best would be that Squid asks for a username/passwd until it is valid
> >(good pair && no whitespace) so that the end-user doesn't get confused.
> >IE: "my password is accepted, but I get a Forbidden Access page"
> >
> >(I couldn't find anything in the archives or FAQ, maybe I didn't use the
> >correct keywords? - %20, username, whitespace, space, or blank)
> >
> >
> >
> >Thanks for your help,
> >
> >Andrew.
> >
> >
> >
> >
>
Received on Fri Jan 07 2005 - 09:29:25 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST
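
The helper-side behaviour discussed in this thread, as an added example (not code from the thread or from the Squid project): a basic-auth helper front end that answers "ERR" for any username containing whitespace once the %XX escapes are decoded, so the user is asked again instead of being logged as `%20username`. It assumes the one-line "username password" helper request with OK/ERR replies; `DEMO_USERS` and `lenient_verify` are constructed stand-ins for the real LDAP check.

```python
import sys
from urllib.parse import unquote

# Constructed sample directory; a real helper would query LDAP instead.
DEMO_USERS = {"andrew": "s3cret"}

def lenient_verify(username, password):
    """Stand-in backend that, by assumption, ignores surrounding spaces."""
    return DEMO_USERS.get(username.strip()) == password

def decode_request(line):
    """Split one helper request into (username, password), undoing %XX escapes."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or not parts[0]:
        return None
    return unquote(parts[0]), unquote(parts[1])

def username_is_clean(username):
    """True only if the name has no whitespace or control characters anywhere."""
    return bool(username) and not any(
        c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in username
    )

def answer(line, verify=lenient_verify):
    """Return the helper reply for one request line: 'OK' or 'ERR'."""
    request = decode_request(line)
    if request is None:
        return "ERR"
    username, password = request
    # Reject before the backend is consulted, so a lenient directory match
    # can never turn " andrew" into an authenticated proxy user name.
    if not username_is_clean(username):
        return "ERR"
    return "OK" if verify(username, password) else "ERR"

def main():
    # One reply per request line, flushed at once so the proxy is not kept waiting.
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```
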