Re: external ACL

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 19 Jul 2001 08:26:16 +1000

So you want to force authentication if not present?

Three possible ways
1) duplicate code from the proxy_auth ACL type. Remembering that
_authentication_ vs authorisation is all modularised in authenticate.c
2) have the user add
acl foo proxy_auth REQUIRED
and then write their external acl access rules that use %LOGIN as (say)
http_access deny !foo external external !external
3) dynamically insert the data for 2) when parsing, if you encounter %LOGIN
in a external_acl rule.

I favour 3 - it's a bit harder to do _right_, but the user may be less
confused.

Rob

----- Original Message -----
From: "Henrik Nordstrom" <hno@marasystems.com>
To: "Squid Developers Mailinglist" <squid-dev@squid-cache.org>
Sent: Wednesday, July 18, 2001 10:41 PM
Subject: external ACL

> The implementation of an external ACL type is now mostly completed.
>
> http://squid.sourceforge.net/external_acl/
>
> It has passed initial tests clean, but there are some minor issues to
> address.
>
> Robert: How to best integrate this thing with authentication? It is "yet
> another" ACL type that can require the user to be logged in, and the
> browser may need to be requested to send credentials, complete the
> challenge handshake and so on.
>
> --
> Henrik
>
>
>
Received on Wed Jul 18 2001 - 16:23:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:07 MST