Re: [squid-users] Re: Joomla DB authentication support hits Squid! :)

From: Luis Daniel Lucio Quiroz <luis.daniel.lucio_at_gmail.com>
Date: Sat, 1 May 2010 11:37:46 -0500

Le vendredi 23 avril 2010 00:20:13, Amos Jeffries a écrit :
> Luis Daniel Lucio Quiroz wrote:
> > Le jeudi 22 avril 2010 20:09:57, Amos Jeffries a écrit :
> >> Luis Daniel Lucio Quiroz wrote:
> >>> Le jeudi 22 avril 2010 15:49:55, Luis Daniel Lucio Quiroz a écrit :
> >>>> HI all
> >>>>
> >>>> As a requirement of one client, he wants to use joomla user database
> >>>> to let squid authenticate.
> >>>>
> >>>> I did patch squid_db_auth that Henrik has written in order to support
> >>>> joomla hash conditions.
> >>>>
> >>>> I did add one usefull option to script
> >>>>
> >>>> --joomla
> >>>>
> >>>> in order to activate joomla hashing. Other options are identical.
> >>>> Please test :)
> >>>>
> >>>> Ammos, I'd like if you can include this in 3.1.2
> >>
> >> Mumble.
> >>
> >> How do other users feel about it? Useful enough to cross the security
> >> bugs and regressions only freeze?
> >>
> >>>> LD
> >>>
> >>> I have a typo in
> >>> my salt
> >>>
> >>> should be
> >>> my $salt
> >>>
> >>> sorry
> >>
> >> Can you make the option --md5 instead please?
> >>
> >> Possibilities are not limited to Joomla and they may change someday.
> >>
> >> The option needs to be added to the documentation sections of the helper
> >> as well.
> >>
> >> Amos
> >
> > I dont get you about "cross the security",
>
> 3.1 is under feature freeze. Anything not a security fix or regression
> needs to have some good reasons to be committed.
>
> I'm trying to stick to the freeze a little more with 3.1 than with 3.0,
> to get back into the habit of it. Particularly since we look like having
> a good foothold on the track for 12-month releases now.
>
> > what i did is that --joomla flag do diferent sql request and because
> > joomla hass is like this:
> > hash:salt
> > i did split and compare. by default joomla uses md5 (i'm not a joomla
> > master, i dont know when joomla uses other hashings)
>
> I intend to use this auth helper myself for other systems, and there are
> others who ask about a DB helper occasionally.
>
>
> Taking a better look at your changes ...
>
> The first one: db_conf = "block = 0" seems to be useless. All it does
> is hard-code a different default value for the --cond option.
>
> For Joomla the squid.conf should instead contain:
> --cond " block=0 "
>
>
> Which leaves the salted/non-salted hash change.
> Adding this:
>
> --salt-delimiter D
>
> To configure character(s) between the hash and salt values. Will not to
> lock people into the specific Joomla syntax of colon. There are
> examples and tutorials out there for app design that use other delimiters.
>
> Doing both of those changes Joomla would be configured with:
>
> ... --cond " block=0 " --salt-delimiter ":"
>
> > if you want, latter i may add also --md5 to store md5 password, and
> > --digest- auth to support diggest authentication :) but later jejeje
>
> Amos

HI
i've just update my patch to fit 3.1.2

I hope this could be included since it is based on todays snapshot.

Regards,

LD

Received on Sat May 01 2010 - 16:37:08 MDT

This archive was generated by hypermail 2.2.0 : Sun May 02 2010 - 12:00:03 MDT