Re: [squid-users] Is there any way to use proxy_auth with MD5 only server?

From: Robert Collins <robert.collins@dont-contact.us>
Date: Wed, 20 Jun 2001 08:06:17 +1000

----- Original Message -----
From: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
To: "'UsersMailbox'" <MailBox2@provider.ne.jp>;
<squid-users@squid-cache.org>
Sent: Tuesday, June 19, 2001 10:11 PM
Subject: RE: [squid-users] Is there any way to use proxy_auth with MD5 only server?

> > Hello!
> >
> > "the passwd helpers" ?
> >
> > Could anybody tell me any pointers and docs ...
>
> Squid does not perform user authentication by itself, but it
> relies on external processes ("helper servers" [1]) which it talks to
> and that perform the actual authentication on squid's behalf.
> In particular the "NCSA" auth-module uses the system-supplied
> crypt() function to perform authentication against a passwd-like file.
> So if your system can support an encryption scheme, then Squid
> can use that too.
>
>
> --
> /kinkie
>
>
> [1] There is a bit of confusion going on about the actual terms
> to be used here and to what they refer. Here I try to clarify a bit
> of terms, hopefully I won't instead increase the confusion levels:

*cough* - you got it close ;]

> An "Auth scheme" (scheme for short) refers to some protocol that
> clients (browsers) and servers (squid) can use to perform the
> authentication operation.
> Squid 2.4 supports only the Basic auth scheme, Squid 2.5 will support
> Basic, NTLM (aka Windows single-sign-on) and Digest.

For each scheme, squid 2.5 has in-process code to handle that scheme. That
code is the "auth module".

> An "Auth helper" (helper for short) is a portion of squid code that
> handles some auth scheme. This can refer to both intra-process code
> or extra-process code. This is a 2.5 term, in squid 2.4 those are
> called "auth modules".

The "Auth helpers" typically do _NOT_ handle the auth scheme. That
squid<-->browser communication is handled by the "auth module" (2.5
terminology).
==> An auth helper is code that interfaces between squid and an external
user database. This code is auth module dependent. The Auth helper code
simply authenticates users against a backend database. Thus squid
doesn't need to change when the backend database changes from htpasswd
to ldap to SMB.
(And the inevitable exception is NTLM: NTLM is tightly integrated
between the backend user database and the front end browser<-->squid
protocol. Because of this the NTLM auth helper actually does do a lot of
the auth scheme management.).

> A "Helper server" (server for short) is an external process, an
> instance of an auth helper, which actually performs the authentication
> operation.

Rob
Received on Tue Jun 19 2001 - 16:04:53 MDT
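
The helper-server arrangement discussed in this thread, as an added example that is not code from the thread or from the Squid project: a Basic-scheme helper reads one "username password" line per request on stdin and answers OK or ERR on stdout. The 'user:salt_hex:hash_hex' file format, the function names and the PBKDF2 hash are assumptions standing in for the passwd-like file and the system crypt() the NCSA helper uses.

```python
import hashlib
import hmac
import sys
from urllib.parse import unquote

def hash_password(password, salt):
    # Assumption: PBKDF2 stands in for the system crypt() the thread mentions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def load_users(lines):
    """Parse the assumed 'user:salt_hex:hash_hex' passwd-like format."""
    users = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) == 3:  # skip blanks, comments and malformed entries
            users[fields[0]] = (bytes.fromhex(fields[1]), fields[2])
    return users

def answer(request_line, users):
    """Return 'OK' or 'ERR' for one 'username password' line from Squid."""
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return "ERR"
    # Squid URL-escapes both fields, so a space in a password arrives as %20.
    user, password = unquote(parts[0]), unquote(parts[1])
    salt, stored = users.get(user, (b"\x00" * 16, ""))
    # Hash even for unknown users so reply time does not reveal who exists.
    computed = hash_password(password, salt)
    return "OK" if stored and hmac.compare_digest(computed, stored) else "ERR"

def serve(users, stdin=sys.stdin, stdout=sys.stdout):
    for line in stdin:
        stdout.write(answer(line, users) + "\n")
        stdout.flush()  # Squid waits on every reply; never leave it buffered

# Constructed sample entry: user "alice", password "s3cret pass".
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PASSWD = ["alice:%s:%s" % (_SALT.hex(), hash_password("s3cret pass", _SALT))]

if __name__ == "__main__":
    serve(load_users(SAMPLE_PASSWD))
```

Because the helper only ever sees a username and a password, swapping the backend (htpasswd, LDAP, SMB) changes `answer` and nothing on the Squid side.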
