Henrik Nordstrom wrote
> Matt Johnson wrote:
> >
> > My directory contains specific IPs, and specific URLs that a user has
> > access to, and I am wanting to authenticate a user based on that
> > information. So, getting the IP, and URL passed to my authentication
> > program is a must. I just have to figure out how to make Squid do
> > this. :-)
>
> For this purpose you should use the redirector interface, not the
> "username+password" verification interface.
I have a redirector setup, and am also using an authentication program to
validate users, and they work fine independently... but I don't see how I
can authenticate a user, with a "username+passoword", and then use the
redirector to control which pages that user can go to. From what I can tell
the redirector doesn't send the username, that was sent to the
authenticate_program. Did I miss something here in how the redirectors work?
We've developed a database of employees, and thousands of sites that we let
them go to. We have groups in our database where we let certain departments
go to certain sites. So, the tie between url, and username is required.
Example:
UserAA belongs to Department1, Department2, Department3
UserBB belongs to Department2
UserCC belongs to Department3
UserDD belongs to Department2, Department1
Department1 can access sites A, B, C, D, E, F, G
Department2 can access sites A, F, H, I, J, K, L
Department3 can access sites H, K, M, N, O, P
We don't want UserCC to have access to UserAA's account, so we use a
"username+password" to keep things relatively secure. Everything is
restricted. Plus we have remote employee's and all kinds of other crazy
variables. An ident solution just wouldn't work, be practical, or secure.
So, with you knowing a little more of my situation, do you still think a
redirector is going to work?
Matt
Received on Sun May 27 2001 - 16:06:09 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:19 MST