RE: [squid-users] %EXT_USER value from Amos Jeffries on 2009-04-15 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Apr 2009 12:14:09 +1200 (NZST)

> Thanks for the reply Amos.
>
> Please see my previous mail for a complete explanation of my
> requirements.
> http://www.squid-cache.org/mail-archive/squid-users/200904/0295.html
>
> I'm using
> Squid Cache: Version 3.0.STABLE13
>
> I'm looking for a way to pass a variable to an external acl which must
> contain an already authenticated username.
> I can not use %LOGIN because squid will assume that it's an auth helper
> and prompt the user for re-authentication on ERR return and I want to
> return a custom page on ERR return.
>
> I just thought %EXT_USER will contain the username from and external
> auth helper.

Ah, no the auth helpers are what fill %LOGIN. Unless you force browsers
to add the user details (the popup or 407 with %LOGIN) then its down to
blind chance that you get it at all.

> Conf example
> =======
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> external_acl_type QuotaUser ttl=1 negative_ttl=0 children=3 %EXT_USER
> /sqm/bin/quota_user.pl
> acl password proxy_auth REQUIRED
> acl quota_user external QuotaUser
> http_access deny !password
> http_access deny quota_user
> http_access allow all
> deny_info ERR_CUSTOM_IN_QUOTA_USER quota_user
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: 15 April 2009 01:56 PM
> To: Bartel Viljoen
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] %EXT_USER value
>
> Bartel Viljoen wrote:
>> Dear Squid users.
>>
>> Does anyone have a working squid conf example of the %EXT_USER that is
>
>> available in squid 3. When I debug the value of %EXT_USER via a
>> external helper, the value is always "-", even though the log file is
>> showing the real username.
>
> %EXT_USER is the value returned from an external helper. So most cases
> it would not exist yet. How exectly are you testing it and what exact
> release version of squid-3 is this?
>
>>
>> Currently I'm using the following auth program auth_param ntlm program
>
>> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>>
>> A squid conf example would be of great help.
>
> Then the value you are probably looking for is %LOGIN.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> Current Beta Squid 3.1.0.7
>
> -----------------------------------------------------------------
> Network & Computing Consultants
> Tel: 0861-555444 | Fax: 0861-555445
> http://www.ncc.co.za
>
> This e-mail is subjected to a disclaimer that can be viewed at:
> http://www.ncc.co.za/legal/email-disclaimer.html
>
> Email Managed by MailXServer - http://www.mailxserver.com
> -----------------------------------------------------------------
>
>
Received on Wed Apr 15 2009 - 23:14:12 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 16 2009 - 12:00:01 MDT