Re: [squid-users] Passthrough authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 17 Aug 2004 23:38:21 +0200 (CEST)

On Tue, 17 Aug 2004, Janno de Wit wrote:

> squid1 handles Ident authorization, web access, Basic auth etc..
> It has an upstream proxy to ''proxy2''.
>
> What I need is a username (thus, basicauth username or identusername) in proxy2'.
>
> Is there a way to pass this login information from squid1 to proxy2?
> I need only the Basic-auth login name or the ident-username.

See the cache_peer directive on how to bass Basic authentication to peers
in different forms (many alternatives available). In fact it is not
strictly related to Basic auth as it is also possible to forward the
username from NTLM or Digest authentication (just not the password in such
cases).

> After some google search i found that basic-auth can work with
> upstream-proxy loginforwarding, but it can't with ident usernames
> because the http request struct nothing knows about the
> client-connection?.

Probably correct.

> I use both in my setup. Is there a way to get Ident Auth too?

There is always ways as you have the source and the information is there
somewhere..

> Or, if it can't. Where do i need to patch Squid to send an extra header with username to proxy2? so i can develop myself...

The Basic auth forwarding is in httpBuildRequestHeader(). Just look for
"Basic %s" and "PASS". Please note that the code paths are slightly
different depending on the peer authentication mode selected (none, PASS,
custom or static).

Regards
Henrik
Received on Tue Aug 17 2004 - 15:38:26 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT