Re: Squid 1.2beta20 & Proxy_Auth [patch]

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 12 May 1998 00:38:05 +0200

--MimeMultipartBoundary
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Duane Wessels wrote:

> So htpasswd(1) uses crypt if its available? Squid has to use crypt
> if htpasswd does, and not if not?

Correct.

I don't know of any htpasswd program that doesn't require crypt(), but
if crypt() is not used then passwords are in plaintext and thus a
htpasswd program is not really needed to set passwords..

We should add a configure warning of the same magnitude as "not enought
filedescriptors" when we fail to detect crypt().

  WARNING! failed to find a crypt() function. proxy_auth passwords
  will be in plaintext format.

cachemgr_passwd should probably be changed to use crypt() passwords as
well, or even better: changed to ACL lists.

A proposal for proxy_auth user-level access control in ACL lists:

Change the ACL type username to the user identified by proxy_auth or
ident (if proxy_auth was not used). If mixing proxy_auth and ident in
one ACL type feels wrong then rename the current ident-based ACL to
ident, and change username to indicate proxy_auth user name.

/Henrik

--MimeMultipartBoundary--
Received on Tue Jul 29 2003 - 13:15:49 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:47 MST