Re: [squid-users] External_acl_type and cache_peer

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 07 Aug 2009 17:39:19 +1200

Sander, Andreas wrote:
> Hello,
>
> I am using Squid 2.7Stable6. I have an external helper that shall
> obfuscate the authenticating user for a cache_peer. Unfortuantely this
> does not work in any condition:
>
> Lets take an example where my helper returns:
> OK user=hello password=world
>
> Example 1:
>
> auth_param ...
> external_acl_type groupbuilder children=1 %SRC %DST
> C:\temp\helper\Debug\helper.exe
> acl special external groupbuilder
> http_access allow special
> cache_peer 192.168.1.101 parent 3128 7 no-query default login=PASS
>
> In this example the user "hello" is used for authentication when passing
> the request to "192.168.1.101". Unfortunately the user is not
> authenticated.
>
>
> Example 2:
> auth_param ...
> external_acl_type groupbuilder children=1 %LOGIN %SRC %DST
> C:\temp\helper\Debug\helper.exe
> acl special external groupbuilder
> http_access allow special
> cache_peer 192.168.1.101 parent 3128 7 no-query default login=PASS
>
> In this example, always the authenticating user, which is authenticated
> by "auth_param" is passed to "192.168.1.101". The result of the external
> helper is ignored.
>
> What can I do to modify a login name by an external helper?

You cannot.

login=PROXYPASS simply passes the authentication headers the client sent
without changing.

login=PASS does the above, but when the client did not send any such
header it may _add_ a Basic auth header using the external helper details.

login=<username>:<password> does not pass anything, it uses the values
from squid.conf on every request.

login=*:<password> passes the client-given username through but replaces
the password with the one in squid.conf on every request.

This is the total of the login= features available in Squid 3.1 and older.

Squid-3.2 is currently open for new features. If you can specify your
requirements in detail and why the above features don't cover them
please send to squid-dev_at_squid-cache.org

Amos 

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Fri Aug 07 2009 - 05:39:26 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 08 2009 - 12:00:02 MDT