On 28/02/2012 9:07 p.m., Erwann Pencreach wrote:
> Hi all,
>
> here is what I've done in squid.conf :
>
> external_acl_type loggeduser children=15 %DST %SRC
> /etc/squid3/squid.d/loggeduser_acl.sh
> acl isok external loggeduser
> http_access allow isok
>
If you add an ID you can use concurrency to reduce process overheads.
> and here isloggeduser_acl.sh script :
>
>
> while read dst srchost;
while read id dst srchost;
> do
> date=$(date +"%d/%m/%Y %H:%M:%S")
> authuser=$(command to get logged user on client host)
> if [ ! $(echo $authuser | wc -w) -eq 1 ]
> then
> echo "[KO] number of connected user differs from 1 $srchost $dst"
>>> /var/log/squid3/extacl.log
> echo "ERR"
echo "${id} ERR"
> else
> isok=$(the I check my access right)
> if [ $isok ]
> then
> echo "[OK]$date $authuser($accountstatus) $srchost $dst">>
> /var/log/squid3/headers.log
> echo "OK user=$authuser"
echo "${id} OK user="${authuser}"
> else
> echo "[KO]$date $authuser($accountstatus) $srchost $dst">>
> /var/log/squid3/headers.log
> echo "ERR user=$authuser"
echo "${id} ERR user=${authuser}"
# NOTE: do you actually have authuser at this point?
> fi
> fi
> done
> exit 1
>
>
The question that comes to my mind here is what backend you are
intending to use this with? what authentication database/system needs
you to write a whole new helper?
Amos
Received on Tue Feb 28 2012 - 12:07:35 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 28 2012 - 12:00:11 MST