[squid-users] Passing username from external acl to cache peer

From: Russell <rt@dont-contact.us>
Date: Tue, 14 Feb 2006 13:55:39 +0800

Hi,

Was hoping to get some help passing usernames from an external acl to a
cache peer. My situation is squid -> dansguardian -> squid. First
squid for making ident queries and applying some acl's we have in place
(quota limits, identification required etc) which then needs to pass the
username from the ident query to dansguardian so that users can be put
into filter groups. Staff vs Students. Dansguardian does not need to
pass the ident any further, the final squid services all connections
from the first squid machine only.

I found a post on this mailing list with the same subject which
contained a patch for 2.5-STABLE10
(http://www.squid-cache.org/mail-archive/squid-users/200506/0168.html)
and have attempted to incorporate it into the 2.5-STABLE12 source I am
building from, but my knowledge is a little lacking in the programming
department so I have no idea whats gone wrong. It appears to be trying
to pass something but it is showing up as empty in the username field.
Not the usual hyphen - when a username is not passed.

Viewing the headers with the patch from this list applied shows that it
is sending through
Proxy-Authorization: Basic OnBhc3N3b3Jk
with OnBhc3N3b3Jk decoded to :password which is what my cache_peer line
tells it to try and do. login=*:password. So the username variable is
not being filled with the ident request but is being filled by an empty
string (not null).

acl identrequired ident REQUIRED
acl blocklist ident "/etc/squid/blocked-users.lst"
acl exceededquota ident "/etc/squid/user-limit.lst"
acl staffusers ident "/etc/squid/staff.lst"
acl adminusers ident "/etc/squid/admin.lst"
http_access allow specialcases
http_access allow adminusers
http_access allow staffusers
http_access deny blocklist
http_access deny exceededquota
http_access allow identrequired
http_access deny all

cache_peer 127.0.0.1 parent 8081 0 no-query login=*:password

Any assistance in getting ident usernames to Dansguardian would be
greatly appreciated.

Thanks

Russell

Network Manager SSSC
Received on Mon Feb 13 2006 - 22:56:05 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST