On Sunday 08 September 2002 09.12, Andrew Bartlett wrote:
> So, where do we go from here? For anything that looks at all like
> unix, the published unix interfaces are the way to go - we
> implement nsswitch and PAM in particular. For NTLMSSP, I've
> poposed one earlier in this thread.
Is this the NTLMSSP helper ASCII interface proposal I sent to
squid-dev, or do you have another proposal? Or what are we talking
about here?
> For the other interfaces, somebody (not me!) needs to define
> an interface, and propose it to samba-technical.
In Squid we currently use the following simple protocol
Query sent by Squid:
username groupname ...\n
Response sent by the helper
OK/ERR [reason="..."]\n
OK if the user belongs to any of the groups (and matches command line
criterias if any, depending on the helper used)
If there is whitespace or \ in the username or groupname then these
must be escaped with \ or quoted with ".
There is a fair bit more to the capabilities of interface in Squid
used for this, but the above is the aspects that apply to group
lookups.
In Squid-2.6 we are likely to also support the use of URL escaping as
an alternative quoting mechanims in these lookups. Maybe also the
concept of returning a list of groups in response to authentication.
Regards
Henrik
Received on Sun Sep 08 2002 - 03:49:17 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:29 MST