RE: [squid-users] authenticate_program

From: Matt Johnson <mjohnson@dont-contact.us>
Date: Sun, 27 May 2001 20:21:25 -0500

Henrik Nordstrom wrote:
> Matt Johnson wrote:
>
> > I have a redirector setup, and am also using an authentication program
> > to validate users, and they work fine independently... but I don't see
> > how I can authenticate a user, with a "username+passoword", and then
> > use the redirector to control which pages that user can go to. From
> > what I can tell the redirector doesn't send the username, that was
> > sent to the authenticate_program. Did I miss something here in how the
> > redirectors work?
>
> Redirectors get the authenticated username of the user requesting the
> URL. This is send in the ident field to redirectors.

Robert Collins wrote:
> Yes. Squid performs the authentication, then gives the username to the
> redirector. You need to configure squid to perform authentication first.
> Also IIRC a somewhat older version of squid had a bug in this area.

CONFIRMED!

Robert, you are right, some older versions of squid had a bug in that area.
I was using 2.2 STABLE5, some Debian package I got using apt-get. It was
quick and painless to install.... but has bugs. :-)

I finally broke down and got 2.4 STABLE1 to working, and it looks like it
passes the username in the ident field just fine.

Note:
In all the documentation I read, the field was always called "ident". I know
that there is an ident protocol, and some other stuff, but if this field is
also used for passing the username of a proxy_auth should it still be called
ident? It took me forever to find out what ident did and didn't do before I
knew what ident was, and then to find out the field is also used to pass the
username of a proxy_auth request. I didn't find it too clearly put what the
ident field was used for, or of the relation with the proxy_auth requests.
Thanks for your help!

Matt
Received on Sun May 27 2001 - 19:21:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:19 MST