Re: [squid-users] MySql Authorization

Hi,

thanks for your help, but I'm looking for an external helper.

What I need is a little tool that take username as standard input and
check it against a simple table to see if it exist.

I've tried to simplify sqauth from squid2mysql to obtain this and from
command line it works fine (provided that you pass 4 backslash, but that
is a minor problem).

#!/bin/sh
#
mysqluser=user
mysqlpass=password
mysqlprog=`which mysql`
if [ "$mysqlprog" = "" ]; then
     echo "MySQL not found!"
     exit 1
fi
while read username; do
# echo $username
     status=`$mysqlprog -u $mysqluser -p$mysqlpass -D squid -e "SELECT
username FROM auth WHERE username='$username'"`
     if [ "$status" = "" ]; then
         echo "ERR"
     else
         echo "OK"
     fi
done

Tha problem is that I don't know how to make squid pass username checked
with wb_auth to this helper.

I've tried the following configuration but it doesn't work. Probably I
miss a lot of knowledge in how helpers work.

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 20
auth_param ntlm max_challenge_lifetime 15 minutes
auth_param basic program /usr/lib/squid/wb_ntlmauth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type mysql concurrency=5 ttl=900 %LOGIN /usr/bin/sqauthorize

acl browsing external mysql

http_access allow browsing

All the part about wb_ntlmauth works fine (i've tested it with wb_group).

What am I doing wrong ?

Hegedüs Ervin wrote:

> Hello,
>
>
>>I would like to know if exist some kind of external helper to authorize
>>users authenticated with another method.
>>
>>I'm already using Netbios authentication but instead of the group helper
>> i would prefer to create an ACL based on a mysql table.
>
>
> http://freshmeat.net/projects/mysql_auth/?topic_id=148
>
> official site:
> http://people.fsn.hu/~airween/mysql_auth/index.html
>
> and undocumented beta version:
> http://people.fsn.hu/~airween/mysql_auth_beta/index.html
>
> the last one is better choice for newest MySQL versions. it uses
> mysql_real_connect(), not older mysql_connect().
>
> The program has GPL license, you may rewrite it for your idea.
>
> Important: it is not _external_helper_, it is just a simple
> basic helper.
>
> If you have any question, please drop an email to own list, or
> direct to me.
>
>
> Bye:
> air
>
>
Received on Thu Jan 22 2004 - 09:22:58 MST