On Wed, 19 Jan 2005 23:17:58 +0100 (CET), Henrik Nordstrom
<hno@squid-cache.org> wrote:
> On Mon, 17 Jan 2005, Scott wrote:
>
> > Sorry Henrik, should have elaborated a little... I have over 1000 customer
> > sites.. that would be a little ugly to set up and very ugly to maintain.
>
> Not very, but a little yes.
>
> >> It must be another proxy (such as Squid) and it must support forwarding of
> >> the user credentials to another proxy but with a modified username (which
> >> Squid does btw.. see the login= cache_peer option).
> >
> > I'll take a look at this me thinks
>
> I am not sure you will find any which does what you want.
>
> Probably easier to modify Squid to your desires. If you use Basic
> authentication then all you should need to modify is the decoding of the
> authentication header to always add the client ip to the username.
>
> see src/auth/basic/auth_basic.c authenticateBasicDecodeAuth()
>
Henrik / All,
My company has actually subcontracted out this partcular task and we
implemented the solution yesterday. (We needed to do username
rewriting based on client source IP). The code writers have said that
they are happy to release the patch to the community however there's a
raft of red tape, intellectual property and management approval to be
done before we can. Hopefully there won't be any objections and we can
release the patch for possible inclusion in squid.
Will keep the list posted.
Regards
David Brown
> Regards
> Henrik
>
Received on Wed Jan 19 2005 - 15:36:27 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST