Re: Authentication Via Another Server

From: Dancer <dancer@dont-contact.us>
Date: Mon, 15 Nov 1999 04:54:07 +0000

John Hammond wrote:
>
> On Wed, 10 Nov 1999 09:17:29 +0100 you said:
> >At 19:15 11/09/1999 -0500, John Hammond wrote:
> >> I'd like to know if the following could be implemented using Squid.
> >>We want to have Squid running on an AIX or Linux box make a call (open
> >>an HTTP connection) to another host for the purpose of passing the userid
> >>and password combination for authentication via the other host. The
> >>authenticating host would pass back to the Squid host whatever was
> >>required (ERR or OK, I believe) via the HTTP connection opened by the
> >>host running Squid. Essentially, the Squid authentication routine will
> >>just call another host via HTTP which will actually do the authentication.
> >>Possible with Squid?
> >
> >(Please treat this as coming from someone who knows way to little about Squid)
> >
> >If you must use another host to do the authentication, and you must use
> >http for the authentication 'call', then I'm not sure.
> Yes, we must use the other host for authentication. It contains the
> large number of existing accounts against which we want to authenticate.
> We don't want to have to create an entire other accounts management
> system for the host which will run Squid. We want to use all the
> existing accounts without alteration or without having to recreate them.
> We want to use HTTP because we have a web server for the authentication
> host. I don't want to have to write a sockets interface on that host to
> communicate with the Squid host. We want to leverage the existing web
> interface. We have written a Perl script on the host where Squid would
> run. It opens an HTTP connection to the web server on the authentication
> host which then runs a CGI and passes back an ERR or OK which proves the
> basic concept will work. The question is can we insert it (or something
> like it) into Squid as the authentication routine.
> If the url of the resource which the proxy server is protecting is
> available to the authentication routine in Squid, we can concatenate
> it to the password and pass the userid and "password|url" to the
> authentication host which can then process the information to determine
> whether the user should be granted access to the url via the proxy
> server.
> At least, that is what we hope we can do. Having heard no other
> responses, I'm not so sure it will be possible.

You could easily write an authenticator program to do this.

D
Received on Sun Nov 14 1999 - 21:32:46 MST

This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT