RE: [squid-users] cache_peer authentication?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 15 Jul 2005 10:34:36 -0800

> -----Original Message-----
> From: Duncan Reed [mailto:duncanreed@yahoo.com]
> Sent: Friday, July 15, 2005 2:56 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] cache_peer authentication?
>
>
> Hi all
>
> I'm a relative newbie, so be gentle when I'm dumb!
>
> I have a child proxy looking after part of a
> network, and I have it set that it directs all
> requests to a parent. I don't want the individual
> clients to authenticate to that child proxy.
>
> However, I do want the child proxy to authenticate to
> the parent. I can see from the documents how one would
> control access based on IP address.
>

Look into the cache_peer directives. Something like...

cache_peer parent.example.com parent 3128 7 no-query login=marketing:secret

...would authenticate against the parent proxy using the above credentials for all requests (and not do ICP queries).

> Is there a way to handle this with a username/password
> pair, and furthermore, manage that u/p pair through an
> external helper (so I could store the u/p in MySQL for
> example)?

Assuming that this is an extension of the "child authenticates for all" question above, in the parent's squid.conf if you add...

acl marketing-proxy proxy_auth marketing

... you would have an acl (named "marketing-proxy") that would match the authentication used by the hypothetical child proxy above.

As for using MySQL to store username/password combinations, that would be done by making (or finding) a program that takes in the information and spits out "OK" or "ERR". The squid.conf.default has more information.

>
> TIA
>
> Duncan

Chris
Received on Fri Jul 15 2005 - 12:34:38 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT