Re: Squid + RADIUS: the status of radauth for squid

From: Marc van Selm <marc.van.selm@dont-contact.us>
Date: Tue, 01 Dec 1998 12:29:30 +0100

At 06:14 AM 12/1/98 +0700, you wrote:
>Dear Sir,
>
>Refer to http://www.cineca.it/proxy/search/html/9811/285.html, could you tell
>me when will Squid 2.x with RADIUS module be released?

I'm not sure if it will ever be released at all. It's something I've made for
my own use but I'm willing to share it with you. It is not officially
supported
by me or any-one of the Squid-team (I'm not a member of the core Squid
development team by the way).

I'll mail it to you. My RADIUS authenticator works in a Linux environment.
Solaris has a few small problems (which I have fixed but I haven't found the
time to include them in the "distribution" source)

>I'm trying to set up my Linux box which has Squid 1.2 running on right now to
>support Proxy Authtication (or Proxy Authorization I'm not sure how to call.
>I don't know what is the difference of authentication and authorization).
>I'm running Squid 1.2 on my university firewall. I'm thinking about force all
>Netscape users to be authenticated to get connect to outside once after they
>have launched Netscape. I think Arjan De Vet's "ACL Proxy Authentication with
>External Programs" is what I need.

For squid-1.1.x that patch is required. Squid2.x has this build in. Squid
hands
the authentication over to external program. This program can look into a
password database, use RADIUS, SMB, or whatever method to verify a
user/password combination.

> From his Web page, Last updated: 1998/11/23
>21:40h CET, I cound't find any external program that verify password with a
>server on network (not with the host that running Squid itself). I'm thinking
>about RADIUS. I hope you know RADIUS. I have a Digital Unix server which acts
>as Email server for all students/staff here. I also run RADIUSd on the server
>so that whey they dial in from home it'll authenticate them onto the
Internet.
>So, I'd like to use radpwtst which comes with Merit RADIUSd in this case.
>I'd like to ask you if you ever tried or ever known of this. Thanks in
advance.

Not bad. RADIUS is a nice open standard for this kind of thing. There is
currently no official RADIUS authenticator available for Squid (as far as I
know). As soon as I find the time I'll run through the sources, documentation
etc and publish it officially. The problem is that this is a private project
and my employer doesn't like me spending time on this so it has to compete
with
the rest of my hobbies...

For now. I anyone mails me I'll send you a copy of my sources. They might have
some problems (let me know if you find any) but I can't give extensive
support.

Marc van Selm
>
>Regards,
>Surasak.
>
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
Tel: +31 70 3142454
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
Received on Tue Dec 01 1998 - 04:49:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:32 MST